There's more to your company's security than passwords and door locks. Here are some of the biggest threats - and what you can do about them.
When the average business owner thinks about security breaches, his or her mind probably drifts to thoughts of people sneaking in under cover of night. But the biggest threats, says Edward Kountz, senior analyst with JupiterResearch Inc., based in New York, are often right out in the open.
"Security issues affect every business out there and the smart business owner should always be thinking about security as a 360-degree approach; it's about risk mitigation, not elimination, because the risks are all around you - inside your office, coming in through your network, data fraud, spyware, theft of customer data."
That said, there are three major categories that business owners should be most concerned about - infrastructure security, data protection, and access control. Not sure which one to tackle first? Here's a guide to the security hot spots in your office that typically are the most deficient.
The bare bones
Your internal infrastructure is, at the most basic level, the backbone of your company. To protect it, you need to shield it from both internal and external threats. "Everything on your network is vulnerable," explains Nick Selby, research director, Enterprise Security Practice for research firm The 451 Group. This includes end-point protection - keeping the devices and computers your employees use safe - as well as actual data protection. In fact, the latter - especially for sensitive or regulated data - says Selby, is among the top risks associated with smaller enterprises.
This is why everything on your system should be encrypted, and why every employee should have easy access to a shredder for all sensitive documents. It's very easy, says Kountz, for people to go dumpster diving right in the trash can next to them.
And then there's network access. You've got to worry about your wired infrastructure - your internet and email connections - and your wireless network. All three need to be intrusion-proof. The best way to facilitate that is a combination of end-point security via antivirus, anti-malware, and anti-spyware protection and strong network security. Another smart idea: outsource your email handling to a company that specializes in delivery, security, archiving, and spam filtering.
"Don't scrimp on security software," explains Selby. "The most important thing is to make sure it's updating daily or, even better, hourly. I'd also think about outsourcing because no one should expect to - or have to - become a security expert overnight."
You'll also want to encrypt data on your wireless network, and lock down outside access to that network using Wi-Fi Protected Access (WPA), which should be built in to most wireless routers. Why should you care about someone using your wireless signal? Because it puts your company at risk.
"Let's say that a child pornographer uses your wireless connection to send files," says Selby. "Do you want that to come out? That your business allowed those files to be transferred over your network?"
It's a people problem, too
Of course, there's more to security than software and hardware. In fact, those companies that relax just because they have their end points and network secured may be putting their existence in great peril, says JupiterResearch's Kountz. "Internal hacking or data compromise is a risk for anyone who has data flowing or stored electronically," he says. "Employees do steal, both physically and electronically." For example, you could be doing everything right, but if you forget to encrypt your backups, you may be sunk without knowing it.
"Encrypting your backup tapes is absolutely crucial. With a smaller business, the easiest thing to do is to lose backups. Someone - especially an employee - can just walk by and pick up a tape and then they've got your entire business sitting in their hands," explains The 451 Group's Selby. "You may not live in a state that requires data breach notification, but to have the local paper writing that you've lost personally identifiable customer data is a death sentence."
This is why you need to focus on controlling the flow of all data - not just your backups - where it sits, who has access to it, and whether or not it's encrypted.
And then there's the issue of access control. You wouldn't hand a stranger the key to your front door, but that's just what happens when companies unwittingly leave the 'doors' to their network - and office - open.
This is why password protection is so important, as is physically locking doors and file cabinets. Even USB devices such as iPods, digital cameras, and external storage drives can and should be locked down.
"If you've got confidential process lists, customer contact lists, credit card numbers, you want to look at hardware and software that limits access to those types of devices," says Selby. "Most companies can easily implement device or port control."
But it's not the only answer. You can have the best technology in place, but without human compliance, you can have serious issues. This is why communicating risks to employees is important. For example, most people are aware that malware and viruses can originate in emails or shared files, but few realise that a Web page - even one from a known, trusted company - can harbour something dangerous.
"The concept of drive-by download is a prevalent threat, and clear and present danger," says Selby. "Type in the right URL, go to a social networking site that has Flash animation that exploits a vulnerability and you can become infected. Employees should know that they can pick up malware from legitimate Web sites."
And that's where education - as well as a good software program or hardware appliance - comes in.
So with all these issues, how can a business owner do the right thing without panicking or losing sight of what's most important? Unfortunately, there isn't a one-size-fits-all fix to potential threats, says Selby, but you can make a difference.
"Most businesses will find three things that will comprise 80 percent of their risk," he explains. "Fix those first. Start with the stupid - the things you know you should be doing but just aren't."