32 . Glasgow Business October 2015


YOU’RE NOT


BENEATH TH


No matter the size of your business, your IT security – or lack of it – could be putting you and your reputation at risk


Whether you are a small to medium-sized enterprise (SME) or a multinational, the relative importance of IT security has increased dramatically over the past 15 years, from a headache for the IT department to a business-critical, board-level concern.

The nature of the threats facing business has also changed, with data theft, corporate espionage and malicious online attacks on one side, and the perils of social media and reputational damage on the other. Organisations of all sizes ignore these risks at their peril, said Alun Borland, Director of Glasgow-based IT and security consultants Stratiis.

“There is an assumption, particularly among smaller businesses, that as long as they have anti-virus and anti-spyware measures in place, they’ll be safe. But targeted attacks, in which hackers make a concerted effort to breach a specific business, are on the rise and are not confined to larger organisations.”

Indeed, according to figures published this year by global security firm Symantec, targeted attacks have almost doubled in the past few years.

This is a marked change from the days when viruses were simply distributed to anyone who could be tricked into downloading them. Small and medium firms should not consider themselves beneath the interest of these focused hacking attacks – as well as any value the business itself may hold (customers’ credit card details, for example), they may act as a stepping stone to reach bigger fish.

In a recent case in the US, the retail giant Target was compromised after hackers infiltrated its heating, ventilation and air conditioning (HVAC) supplier.

Even as attacks have become more targeted and technologically sophisticated, the majority (around 80 per cent) of SME data breaches still arise from the weak human link. Whether accidentally clicking on a well-disguised web link, sticking with the same easily-cracked password for years on end, or deliberately compromising security out of malice, employees’ behaviour should be the starting point of any successful IT security strategy.

Alan Delaney, a Director in the Employment and Pensions team at law firm Maclay Murray & Spens, argued that strong rules and guidance for employees are as vital as any technological safeguard.

“Looking back some 15 years, half the battle was getting clients to be interested in setting an IT use policy. People are a lot more clued up these days, and the more stories you read about organisations receiving large fines, the more notice is taken of that.”

Delaney cautions that, while security rules should be explicit – for example, prohibiting use of USB sticks or enforcing regular password changes – sections dealing with social media or personal use of the company’s internet connection should be more principles-based.

“Policies shouldn’t be so long and complicated that they bamboozle employees, because the more pages there are, the less likely they are to be read. I did see one policy that ran to about 60 pages – it had been updated every year, with new points simply appended to the back, so the social media policy was on pages 55-60.

“These policies, once drafted, can’t just gather dust; they need to be used. Businesses should actively train people on the policies, making them part of the induction and regular refresher sessions.

“This isn’t simply about preventing security breaches, though that’s obviously important. I’ve acted in many tribunal cases revolving around IT misuse, and a common factor among them is that organisations that have a clear, active and consistently enforced IT policy always fare better.”

Borland agreed that regular training is a must, arguing that nobody is immune and nothing should be taken for granted.

