How secure is your business?

Is your business doing all it can to maintain IT security and prevent loss of important data? ECA group head of Information Systems, Steven Hall, provides some pointers

Like any guerrilla war, the war on security is hard to win – and it will most likely run for as long as we are still working. The main reason for this is that threats can come from many sources and at any time of the day, so you cannot just concentrate your efforts on one place. Now, the word war may sound like an overstatement, but around the globe there are a huge number of people involved in the security industry – and the budgets involved are vast.

So for those with a rather more modest budget, where do you start? There is no one answer that would fit all businesses here, but the majority of components that you need to think about are common for most companies, so let’s start with some high-level categories.

■ Perimeter security – This covers firewalls, antivirus and spam filters.

■ Server and desktop – This covers firewalls, antivirus, encryption for mobile computers and devices, password policy and phishing.

■ Physical security – This would look at alarms, access control systems and building monitoring systems. (This area is not covered in this article, however there are many members of the Fire and Security Association that would be happy to assist you in this area. Visit their website at www.fireandsecurityassociation.co.uk.)

■ Risk management – Covering contingency planning, operational risk assessments and acceptable use policies.

The first step is to start off by looking at what you have in place at present, as hopefully you will have a lot of what you need already. Just be sure that what you have is up to date, as an out of date virus checker, for example, will offer limited defence.

Next, you need to assess your risk to establish if what you have in place is sufficient or not. This is where it gets a bit trickier, as you have to understand the risks and what the effect of a breach would be. For example, if your network was experiencing a DDoS (distributed denial of service) attack (where an attacker floods an internet connection, denying access to the service by rendering it unusable), this could bring your website to its knees, and would be a major problem if yours was a company where a large amount of work is driven through online ordering and payment. However, if your website is more a shop window, a DDoS attack would not be good, but you and your customers would not be so badly affected.

Once you have assessed where you are, you need to put a plan in place to get to where you want to be. This then needs to be costed and prioritised and reviewed on a periodic basis as your business changes – because so will the threats.

Hopefully the list of areas below will help guide you through any security review, but before we jump into technologies, let’s look at a few myths:

1. ‘We are only a small company, so no attacker would bother with us’. Unfortunately, the majority of breaches from outside a network come from automated processes that just sniff around the internet looking for weaknesses. So a lot of the time the companies that get hit are the smaller ones, as they do not always have the resource or knowledge to secure their systems.

2. ‘The biggest risk will come from those nasty people out there on the Internet’. Unfortunately not, the biggest risk can often come from your staff being careless or malicious. But, before you invest in the latest set of thumb screws and pay Bob in Accounts a visit, you need to be sure that you have put in place security measures that are appropriate and you have communicated this to all the staff. The key here is to involve your staff from the outset so they can understand what is acceptable, and get them to also act as your eyes and ears in reporting concerns.

3. ‘Security will be very expensive to install’. Thankfully, this is not always the case, as there are solutions for those with smaller budgets, as we will see later on in this article. Costs will depend very much on your individual requirements, so sometimes there may be times when you do need to spend some hard earned cash to keep the bad guys at bay.

56 ECA Today March 2011

About the author

Steven Hall

Steven Hall is the ECA’s group head of Information Systems. He is responsible for the IT strategy and runs the teams responsible for system development, infrastructure support, IT security and business continuity planning.

