Frank Cincotta
President
Mage Technology Partners
Securing your organizations proprietary
information and systems is of paramount importance in a competitive
business environment. Computer systems and technologies, although
a necessity in today's fast-paced business world, also offer
competitors and criminals access to your information if you
are not properly protected.
Enterprise security is a challenge
for many companies today, but ignoring your security systems
can lead to computer breaches, downtime, financial loses and
decreased productivity.
Unfortunately, very few emerging
and small businesses have a strong understanding of the risks
of computer breaches and how to protect their systems and information.
Recently, the Computer Security Institute, with the participation
of the FBI, released the "Computer Crime and Security Survey."
Some of the results were startling and warrant mentioning.
The survey, based on responses
from more than 500 computer security practitioners, found:
- 85% of respondents detected computer security breaches within
the past 12 months
- 64% acknowledged financial losses due to computer breaches
- 23% suffered unauthorized access of misuse in the past 12
months
- 70% cited their Internet connections as a frequent point of
attack
- 40% detected system penetration from the outside
|
- 58% of those acknowledging attacks
reported 10 or more incidents.
And these are computer security
professionals. How do you think the average system or network
administrator is faring in this battle? Clearly these statistics
show the risks an organization takes when they do not utilize
an enterprise security system.
So what can you do to protect your
business?
The first step is to identify what
you are currently doing. Are you running any kind of Intrusion
Detection Software (IDS)? Does your website restrict users from
your private network? Do you utilize a firewall and anti-virus
software? If you answered "No" to any of these questions - you
should consider getting up-to-date immediately. Your system is
very easy to access from the outside.
Furthermore, in how many different
ways does your system allow external access? There should be only
one way to gain external access for your employees - email. Also,
make sure you are using a Virtual Private Network (VPN) connection
for any remote access by you or your employees - it will ensure
a secure connection.
You can also beef up security
by hiring a network administrator that will handle all security
issues. Limit your employees Internet usage by requiring it to
be business related and only allow them to run authorized applications
software on their computers. Finally, have a comprehensive computer
usage policy in place and make sure you require a key or badge
to gain access to your office or business.
|
This year KaZaA software has
been downloaded more than 250 million times, and continues to
bedownloaded at a rate of 2.5 million copies per week. For those
of you who do not know, KaZaA is the Napster replacement that
allows users to download digital music, videos, and other electronic
media, free of charge.
So, here's the problem - are your
employees downloading some MP3 files onto their computer? Although
they are probably unaware that they could cause problems, KaZaA
has known vulnerabilities that can introduce viruses, worms, backdoors,
or Spyware, and can put confidential corporate information at
risk. Additionally, if your company employs remote access technology
such as a Virtual Private Network (VPN), Extranet or dial-up,
an employee's home computer can inadvertently become the conduit
for infecting the company's private network.
Enterprise security will always be
a challenge, however, the first step to creating a secure computing
environment is education. Virtually all of the threats mentioned
in this article can be prevented with the right security policies,
controls and tools. If you have questions, talk to a certified
professional consultant who can help you identify your needs and
create a solution to achieving your security goals.
Frank Cincotta is president of
Mage Technology Partners, a Needham-based technology services
consulting company.
|
