Magazine article New Zealand Management

Selling Secrets: How Secure Is Your Business: New Technologies Deliver Vast New Efficiencies to Organisations. but They Also Bring Increased Security Risks with Them. How Can Managers Fortify Their Enterprises on All Fronts?

Magazine article New Zealand Management

Selling Secrets: How Secure Is Your Business: New Technologies Deliver Vast New Efficiencies to Organisations. but They Also Bring Increased Security Risks with Them. How Can Managers Fortify Their Enterprises on All Fronts?

Article excerpt

An impromptu street survey in London earlier this year revealed that almost three-quarters of office workers were willing to surrender their electronic passwords when bribed with a mere chocolate bar. The survey, conducted by the organisers of the Infosecurity Europe conference, also found that the majority of workers would take confidential information with them when they changed jobs, and wouldn't keep salary details confidential if they discovered them.

Just as alarming is the revelation that four out of 10 employees knew their colleagues' passwords; 55 percent said they'd give their password to their boss; two-thirds use the same password for work and for personal access such as online banking; and many workers who regularly change their passwords keep them on a piece of paper, or stored on Word documents.

Are New Zealand's office workers similarly loose minded with their passwords? We may never know the answer, but what this survey highlights is that the greatest threat to business security comes from within, rather than outside the organisation. From the workmates just outside your office door.

Malicious intent

Computer viruses, worms, blended threats and hackers are uppermost in business owners' minds in New Zealand. This preoccupation was reinforced by a survey conducted by the Employers & Manufacturers Association (EMA) on behalf of Symantec earlier this year. A staggering 63 percent of small businesses have been affected by malicious attacks, with only 17 percent of the respondents running antivirus software. Larger organisations with much greater resources and IT budgets can ill-afford to be complacent either--the Sasser worm, for example, has brought organisations as large as the US Coastguard to their knees.

"The biggest vulnerability for larger companies is when viruses are introduced to the company network via a portable device such as a notebook or PDA," says Richard Batchelar, Symantec's New Zealand manager. "A CEO returns from Hong Kong, plugs his laptop into the company LAN, and bingo, the bug is fired into what was considered a bulletproof network."

And, it is not enough to install a firewall. Hackers can purchase the same equipment and exploit any vulnerabilities, says Batchelar. Companies must have up-to-date protection and when installing new firewalls must reset and reconfigure their systems immediately, rather than just instigate a new set of policies and rules, which essentially leave the door open to outside threat.

Keeping your organisation safe is not just about putting up a single perimeter fence or layer. To repel attacks you need the IT equivalent of multiple locks and alarms--such as monitored firewalls, content filters (to eliminate undesirable emails/downloads and unsolicited email or 'spam'), and virus scanners--which can be updated hourly to cover people working after-hours.

And then there is 'proactive security'.

Proactive security involves vulnerability assessment, intrusion detection, decoy servers--which Batchelar calls "a wall in front of your wall", and most importantly, being aware that your biggest threat is indeed the employee already inside the wall.

"A lot of people are looking from the outside-in when really they should look from the inside-out," warns Batchelar. "A 'one click' nanosecond response to an email can set off hours, if not days of downtime for an enterprise and productivity." Banks and financial institutions are especially hot on programmes that teach staff about the dangers of cyber-space.

Symantec markets software products as well as plug-in appliances that aren't reliant on an operating system. These devices slot-in next to a server and provide multi-layered security that can be replicated at other branches of the organisation.

"Integration is where everyone is heading," says Batchelar. "Companies don't want to individually manage, educate, and administrate each individual security solution. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.