IT security is red hot for a reason. Here are some ways to make sure you are locked down properly.
IT security remains a red-hot area in the IT industry among companies of all sizes companies worldwide. Tech market researcher IDC estimates that worldwide IT security spending will reach $45 billion by 2006. This includes hardware, software, and services associated with IT security deployments across the globe.
The shift to digital, mobile, and virtual IT landscapes means there are more ways IT systems and businesses can be compromised. The threat of intrusion and attack is dramatically increasing across all industries and sectors, and it’s taking a heavy toll on businesses.
According to Gartner, $2.4 billion was lost by U.S. banks in the past year as a result of theft from unauthorized access to checking accounts. More than $1.2 billion was lost by U.S. banks and credit-card issuers as a result of e-mail phishing attacks in 2003.
Another major motivation to deploy IT security solutions is regulatory compliance, SPAM prevention, and a desire to reduce the risks associated with business operations that are becoming more Web-based. The Sarbanes-Oxley Act, to name one piece of legislation, was passed to restore the public’s confidence in corporate governance by making chief executives of publicly traded companies personally validate financial statements and other information.
Yet, there is a legal provision mandating that CEOs and CFOs attest to their companies’ having proper “internal controls.” If a company’s IT system is not secure, then management is at risk of signing off on internal controls, so it becomes necessary to ensure auditable security measures are in place.
The 2004 CSI/FBI Computer Crime and Security Survey showed that more than 80 percent of U.S. organizations conducted internal security audits in 2003. The importance of IT security cannot be stressed enough. Here are five critical areas of technology security to help you protect your technology investments.
— Implement a security governance program at your place of business or home. No matter how much security technology you have in place, you can’t do it without support from your technology users. It is important to develop security programs that educate people on the process, technology and risks associated with vulnerabilities within your IT infrastructure.
— Keep up-to-date with the latest software/hardware technology. With computer systems becoming increasingly vulnerable to intrusions, virus protection software is a crucial component of technology security. Many antivirus clients offer thorough security solutions and include features such as firewall safety, e-mail protection, live updates, and intrusion protection–all in one software bundle. Firewalls are also needed to handle intrusion detection, which entails notifying the user of the nature and source of an attack in progress. There are three types of personal firewalls available: standalone (software installed), appliance-based, and agent-based (software from a central policy server).
— Ensure patch management. Sometimes bugs are discovered within a program that may provide an opportunity for someone to attack your computer. Operating systems and applications must be updated frequently to keep and the system running smoothly. A computer system can only remain stable and secure with proper maintenance. It is generally up to the user to run updates on their computer system; however, client management solutions (such as HP’s OpenView) are available to facilitate this process and keep systems updated
— Back-up your computer data. Computer systems face an infinite number of threats including hardware failure, software failure, program changes, data theft and electrical problems. In an effort to protect your computers’ most important assets, companies must constantly ensure their data is backed up and properly stored in an alternate location.
— Integrate wireless and wired security policies. Wireless security is not a separate network infrastructure that requires all different procedures and protocols. First, change the default SSID (network name) on your router/AP. Then develop a security policy that combines both wired and wireless security to leverage management and cost advantages. For example, integrate a single user ID and password requirement for users whether they are accessing the network through your wired or wireless infrastructure.
Manny Novoa is a Principal Member of the Technical Staff, Personal Systems Group, for Hewlett-Packard.