Effective business security can help an organization to control and secure information from malicious changes, deletions and from unauthorized disclosure.
Identifying and understanding the relationships between risks and security solutions is important to effectively employ security to address these risks.
Risk Management for IT Systems of a Business: A risk is the possibility of a negative or undesirable happening. A business risk is the likelihood that something undesirable can happen to the business, its customers or an entity that the business depends upon. Typically, most business risks are gauged in economic terms such as lost revenue, wages or damage to the brand’s reputation. Reducing the probability that the business value will be lowered or mitigating the consequences or economic loss of an incident can decrease business risks.
Risk management is the structured way of analyzing and controlling the risk to the IT systems used by the business organization. It involves determining the risks and developing a plan to deal with them. The risk analysis process involves:
- Comprehending and listing the various threats to the IT systems
- Determining which parts of the business are most vulnerable to each threat – this can be done through review, testing and audit
- Assessing the likelihood that each threat will actually affect the business – this is determined through statistical research
- Identifying and employing suitable measures to minimize the likelihood of threats
Security Threats to IT Systems: There are several threats that can harm the IT network of an organization and its e-commerce websites. The hackers that target these systems try to gain unauthorized access to confidential business information and applications. Once they access such information, it can be compromised or sold to others.
One of the biggest causes of security breaches in the workplace is the mishandling of log-in details and passwords by employees. If the passwords are written down, shared or not changed frequently enough, the possibilities of unauthorized access increase manifold.
Another risk is computer viruses – programs that alter the way a computer operates without the consent and/or knowledge of the user. Computer viruses are usually spread through email attachments. These are often seen as ‘.exe’ (an executable file) or ‘.scr’ (extension used for Windows screensavers). Such files may contain viruses, worms, malware, spyware or Trojans that can infect a computer.
The email attachments infect a computer when the file is opened but viruses can also be picked up while visiting malicious websites. Other sources of virus are infected USB drives and external media like infected CDs.
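The attachment check described above can be sketched as a small mail filter. This is an added example, not code from the article: it flags the ‘.exe’ and ‘.scr’ extensions the article names and, going one step beyond the text, also flags attachments whose content starts with the Windows executable marker "MZ" under a harmless-looking name. The function names, addresses and sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the article; a real deployment would block a longer list.
RISKY_EXTENSIONS = (".exe", ".scr")

def risky_attachments(raw_message: bytes):
    """Return (filename, reason) for each attachment that should be quarantined."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        payload = part.get_payload(decode=True) or b""
        # Windows ignores trailing dots and spaces, so strip them before checking.
        normalized = name.lower().rstrip(". ")
        if normalized.endswith(RISKY_EXTENSIONS):
            findings.append((name, "executable extension"))
        elif payload[:2] == b"MZ":
            # Windows executables start with "MZ" regardless of the file name.
            findings.append((name, "executable content under another name"))
    return findings

def build_sample() -> bytes:
    """Constructed sample message; names and payloads are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "Quarterly documents"
    msg.set_content("Please see attached.")
    samples = [
        ("report.pdf", b"%PDF-1.4 constructed"),
        ("invoice.pdf.exe", b"MZ constructed"),      # double extension
        ("holiday.SCR", b"MZ constructed"),          # upper-case extension
        ("notes.txt", b"MZ constructed, renamed"),   # executable content, benign name
    ]
    for filename, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample()):
        print(f"quarantine {name}: {reason}")
```

Extension matching alone misses renamed files, which is why the content check is included; neither check replaces a full content scanner.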
There are several kinds of computer viruses. While some are extremely malicious with the ability to delete or damage files and programs, there are others that are less destructive but can jam resources and cause systems to crash with eventual loss of data.
Certain viruses are used by hackers to take remote control of computers. These can be turned into ‘bots’ or ‘zombie’ computers. Collectively called ‘botnets’, such computers are used for malicious activities such as denial-of-service attacks, click fraud and identity theft. Numerous illegal scams and frauds are directed at small businesses through these viruses.
Social networking websites also pose a threat to the computers of a business organization. Most of these sites are already used by hackers who add links in their posts that point to popular current events or entertainment news websites. The malicious links can take users to phishing websites that are used to obtain confidential information or install ‘keyloggers’ on your computer. A keylogger is software that records keystrokes as the user types on the computer.
A business organization needs to counter these threats to its IT systems before they cause any damage to the confidentiality of its data. It should also be understood that security of systems is not just the responsibility of the business IT team. All employees need to be trained to manage their work and conscientiously follow the security policies.
Tools and Techniques to Counter Security Threats: While there are numerous threats to the integrity of business IT systems, there are also a number of countermeasures that can help to safeguard critical business information, data, applications and software.
The threats posed by unauthorized access can be minimized through a combination of the right technology, procedures, policies and user awareness. It is obvious that IT security is the need of the hour for modern business organizations. Each employee of the business needs to be aware of the business security policies. Indeed, there must be a session on IT security policies during the new employees’ induction program. All employees must be made to sign a memorandum that requires them to abide by the business security policies of the organization.
To foolproof the network of computers, the business must:
- Install a properly configured firewall for the Internet connection
- Ensure that there are virus, spyware and email attachment content scanners on all systems
- Ascertain that its computer systems are updated on a regular basis with service packs, patches and hot fixes to effectively counter the latest known intrusion modus operandi
Antivirus software must be installed on all systems, and it also needs to be updated frequently. Email attachments, especially those in mails coming from external sources, should be treated with caution. Employees should also be discouraged from sending chain mails that are purely entertainment oriented and not related to business operations. Business enterprises should also subscribe to a hosted email spam and virus scanning service. The use of USB drives must be restricted. An infected USB device can completely damage any computer.
Businesses that handle sensitive information across mobile connections can consider using a Virtual Private Network or VPN. A VPN uses ‘virtual’ connections routed through the Internet from the business’ private network to the remote site or employee. By using a VPN, businesses gain more security, because third parties that intercept the encrypted data cannot read it.
A proper business continuity plan should also be a part of every organization’s policies. With the use of the right technology, policies and user awareness for their IT systems, organizations can ensure a good degree of business security.
About the Author: This article by Frank Johnson is the first in his series on ‘Business Security’. Frank is a regular editorial contributor on technology products and services that help small to mid size businesses. To know more about Business Security strategies and procedures, you may interact with him here