Dynamic Business

Dynamic Business Magazine – Articles from Australia

Business guide to internet security

How to assess your risks
Security starts with putting a business value on different kinds of risks so that you can allocate resources to reducing them. It makes sense to prioritise: you don’t have an infinite IT budget, and some risks are more threatening than others. Therefore, the first step is not about technology, it is about asking some simple business questions.

1.    What are you trying to protect? Typical issues include legal requirements, such as the Privacy Act, and professional obligations such as client confidentiality. Then there are straightforward business issues. Nobody wants to publicise sensitive information like plans, lists of potential customers and so on. You may have specific IT systems such as your email, ecommerce site and accounting records. Don’t forget intangibles such as management time, IT resources, your company’s reputation and morale.

2.    What are the risks? There are external risks, such as viruses and hackers. There are legal threats, such as the risk of employee misbehaviour landing your organisation in court or before a government tribunal.

3.    Who is responsible for IT security? It is not enough to delegate the question to your IT department or supplier. You need to see IT security as a business-wide issue and address it at an owner/director level. If you know what you want to protect and what the risks are, setting priorities, delegating responsibility and allocating budgets all fall in line with what is important to the business. Which manager is going to take the lead? Who is responsible for creating and implementing a plan? What budgets are available and appropriate? One useful approach is to compare your IT security budget with your insurance costs.

4.    Where’s the plan? Even if it is a couple of pages, an IT security plan is the first step to protecting your business. It’s better to have a good plan now – and carry it out – than a perfect plan next year. Do you have the right software and technology? Do you have appropriate staff policies and training? What is the budget and timetable?

What to do about it

●    Virus and spyware protection. You need to stop viruses and other unwanted programs from getting in the door. With thousands of new virus variants materialising each month, it is critical that your protection is able to keep up with new and previously unknown threats as they emerge.

●    Spam filtering. Blocking spam will save employees time and reduce the risk of fraud from phishing emails.

●    Firewall. A firewall will stop viruses that spread directly over the internet, and it can also keep hackers away from your network and servers.

●    Access control. Make sure your employees only have access to the information they need to do their job. To give an obvious example, don’t let the whole company have access to payroll records.

●    Policy enforcement. You need effective policies about employee use of the internet backed up with training that covers policies and practical matters such as the use of strong passwords. Technology can help enforce company policies on appropriate use of the internet, by blocking the downloads of inappropriate images or intercepting attempts to send certain information by email.

●    Encryption. Consider encrypting data on laptops and other portable devices to prevent thieves accessing sensitive information if they are stolen. Also, consider email encryption to protect the confidentiality of messages between your business and its partners. By default, email travelling over the internet is not encrypted, which means it can be read – like the text on a postcard – as it moves from sender to recipient.

●    Physical security. Don’t forget that a stolen server is as much of a risk as a virus-infested one. Locks, alarms, secure server rooms and visitor access control are all essential to your IT security plan.

●    Backup. Critical data, including email archives and business databases, need to be regularly backed up with copies stored offsite. Test the restore process regularly too.

●    Software updates. Make sure all the computers in your business are kept up to date with manufacturers’ updates. These are published regularly by the major vendors and fix known flaws and vulnerabilities. Virus writers exploit these vulnerabilities to attack people who do not update quickly enough.


Comments from the community

  • Thaddaeus Aende says:

    How secure are business transactions on the internet?