
IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
February 2, 2001


Fighting the IT enemies within

Last year there was an alarming increase in the rate of external and internal security attacks on in-house IT systems, including Internet and e-mail facilities. You may recall that passwords were ‘stolen’ from AOL in July, while Microsoft’s seemingly impregnable security defences were also breached. Headline makers one and all.
Is there a security solution that can provide 100% protection against the growing number of IT attacks that are occurring? Importantly, how can installation managers work towards ensuring higher security levels? Some useful tips are provided in a report just published by specialist security consultancy the Control Risks Group.
Back in October, the Group commissioned Research International to conduct a survey involving over 100 key IT security personnel from FTSE 500-registered blue chip organisations across the UK – with a view to providing security ‘pointers’ for managers.
Some of the findings make for uncomfortable reading. Despite the fact that IT security and confidentiality are universally regarded as highly important issues for big business, there is often some reluctance to invest in making networks secure. Sadly, almost half of those who took part in the survey felt that the cost of making IT networks safe outweighed possible losses.
Although over 50% of respondents have had an independent penetration test conducted on their IT systems, 33% had not conducted an information security risk review. A staggering 49% claimed that they do not have training and awareness schemes in place specifically covering IT security.
An even more shocking discovery was that 33% of those companies questioned don’t bother to carry out background checks on prospective IT personnel or outsourcing partners, while 60% employ temporary staff – one third of whom are granted full and unconditional access to in-house networks.
Viruses and hackers/crackers emerge as the main perceived threat to an organisation’s data security. That said, it’s in-house staff who spread viruses – for the most part unintentionally (due to a lack of awareness).
So what can IT/security managers do to combat the threat? The report states that vulnerability to virus attack can immediately be reduced by using .RTF instead of .DOC, and .CSV as opposed to .XLS.
Virus checkers should be updated at least once a month. Another handy piece of advice is to change over to a digital telephone exchange. This should prevent the use of unauthorised analogue modems on your network.
If there is a breach of security, review your information security policy document immediately, and reassess your firewall configurations at least every three months. It may sound obvious, but make sure you have an information security risk assessment carried out to help identify the key areas that your business needs to protect.
Training, training, training. That word can never be stressed enough in our industry, it seems, so…look towards thorough IT security training programmes. Only then will security become habitual to system users. Likewise, management will become even more ‘security aware’. Consider also the benefits of an aggressive penetration test to assess whether your theoretical security strategy matches the actual measures in place.
Last, but by no means least, protect the sensitive information held on laptops by using encryption controlled through a central resource in your organisation. Ensure passwords are carefully chosen.
Make sure, also, that you conduct a thorough pre-employment screening of all would-be full-time staff and contractors.
