The security facts

Article: The facts about security

Over two thirds of UK companies have experienced a computer virus of some sort within their company. This shows online security should be of importance to every business, no matter what its size, as viruses aren’t generally selective about who they attack.

IT security should be taken as seriously as physical security. The trouble is, there are so many technical terms you need to understand, like firewalls, ports and Trojans, and the threats are difficult to perceive or quantify. Coupled with this, is the fact that although the threats are constant, they keep changing in form and increasing in complexity.

However, it’s not just the effects of an attack that can damage businesses: in our experience, fixing the problems can also take a considerable amount of time.

Large companies generally have dedicated IT teams who update software, develop systems to prevent internet attacks and deal with viruses, so employees don’t need to worry about security. But, we’ve found that for smaller businesses, it may be the owner or one of the company directors who is in charge of IT and security.

Often these people have no formal training or experience in dealing with IT systems. Either that, or they take a head-in-the-sand approach to internet security and policies, remedying problems only when they arise, rather than taking preventative action. Ignorance, as well as apathy, can cost the company dear, with electronic data becoming critical to every business. As recent BT and IoD research shows, 82 per cent of businesses could not function without the electronic data in their IT systems.

The first thing we would advise them to do is to make sure you have a firewall in place. This is essentially an electronic barrier that sits on a server, router,individual PC or dedicated device, and protects whatever is behind it. It serves as a first line of defence against external threats by screening all incoming information against a number of set rules to ensure it comes from a secure source.

There is a range of options available, which cost anything from around £30 for a boxed software product to £250 for an installed hardware solution. They can also be purchased on a monthly basis, with the supplier providing regular upgrades. Firewalls can be bought online or from IT specialist outlets and systems integrators.

Firewalls are designed to stop or hamper hackers trying to access information internally or via the internet. Surprisingly, the biggest threat from hackers can actually come from within an organisation. There are rafts of procedures that can be put in place to curb this type of threat, ranging from increased password protection to network management controls.

Another problem that can lead to security issues is email and internet abuse. This can include sending offensive material, spamming or even opening an infected email.

Used in the right way, email and the internet can be of great benefit to business, but in the wrong hands it can do enormous damage. Implementing email and internet policies and detailing what’s considered appropriate usage, makes it clear to employees what’s acceptable behaviour and what’s not. These policies must be regularly updated and promoted heavily around the company for them to succeed.

We’ve found that equally important is educating staff about the dangers of looking at sites of an adult nature or using Peer-to-Peer (P2P) sites in the office, such as MP3 and video downloads, that may compromise the whole company network. Downloaded data from these types of sites is likely to contain Trojans, spyware or other malicious code that you download without knowing it.

Trojans, like the horse in the Greek tragedies, is a program that may look harmless on the outside but in fact can do real damage if you let it into your system. Most anti-virus vendors offer solutions that can protect against this sort of virus.

Spyware, as the name suggests, it is software that covertly gathers user information. This can be either used for advertising or malicious purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs and downloaded. Once installed, the spyware monitors user activity on the internet and transmits that information in the background to someone else.

Viruses and spyware aren’t necessarily destructive in themselves, but they are becoming more prevalent. The definition of a virus is a program that reproduces itself, such as a worm. However, many do carry destructive payloads too.

Viruses can enter a PC or network from disks, or via the internet and email systems. There are a number of vendors offering anti-virus solutions that should be used to check every file/disk coming into your business. In essence, even the most basic security should include an anti-virus solution.

The key is to keep all of your security software up to date. It is no good having the latest cutting edge software if you don’t update it when a new vulnerability is discovered. Many systems offer regular automated updates but if not, vendors normally offer patches or updates via their websites. Not updating the software is similar to not taking a new car back to a garage when there is a recall for a safety defect. It’s that serious.

Another potential danger, often forgotten, is mobile working. Employees take laptops home where they connect to the internet or allow members of the family to do the same. Many Trojans and viruses introduced to the office network are brought in by infected computers. Think about setting up policies to restrict the personal use of mobile devices, and more importantly, restrict the ability of users to bring malicious code into the office.

Backup is also an essential part of any security plan. Larger businesses generally have a backup procedure in place, but only 17 per cent of all companies backup remotely. For a minimum charge, starting at £5 per month, automated backup services allow users to set backup to happen daily over broadband, so the minimum amount of data is lost should disaster, such as virus, computer failure or a spilt cup of coffee, strike.

You don’t need to go over the top or spend money unnecessarily. Look at what’s important to your business and take the necessary precautions to protect your core assets. In fact, too much can be more of a hindrance than a help as it can place restrictions on your day-to-day activities. Security doesn’t have to cost a fortune either.

Click here to find out more about security.