|
||
Research and retrieval of news articles by: SPECIAL NOTE TO ALL VISITORS: |
BEWARE THE SECURITY ENEMY WITHINSource: Vnunet.comPosted on June 16, 2001 Why is it that, when four out of five IT-related crimes are committed from within an organization, most companies still believe that the only threat comes from faceless hackers and virus writers? External threats should be taken seriously, and protection put in place, but nobody knows your security loopholes better than your employees. Despite their common occurrence, internal security breaches go largely unreported. What company wants to publicize that sensitive information has been accessed from within? Employees understand in detail how their organization's systems work. If someone has access to passwords they also have access to confidential information. An expert can also exploit software loopholes or weaknesses to introduce viruses or gain access, or use hacking tools designed for Denial of Service, intrusion or password cracking to cause mayhem. Employees can unwittingly open a company's innermost secrets through sheer carelessness, and the most damaging viruses have spread because people open email attachments. Another problem is remote workers turning off security protection on laptops. Intrusion detection, antivirus software, firewalls, network scanning, encryption and triple A can be employed to provide an effective and co-ordinated set of defences. It is important to create security zones with varying access rights. Passwords and policies need to be changed regularly, and for really sensitive information it is worth considering physical measures such as restricted areas, card keys and biometrics. However, companies need to ensure that the security measures taken are appropriate -- don't spend vast amounts of money protecting worthless data. Even the most comprehensive security system is a waste of money without a clear security policy and culture. Attitudes to employee email and Internet abuse are often lax and this can lead to internal security breaches. Staff must be vigilant and aware of potential dangers. Internal breaches, whether malicious or careless, should be dealt with according to a disciplinary code laid out in an employee's contract. Security must be top of the agenda when mapping out company policy.
E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes. |
ALERT WebTrust Is Your Best Defense Against Privacy Breaches. Get WebTrust Working For Your Site. |