• Home
• News
• Reports
  • Accounting Systems
  • Automotive - Cars
  • Automotive - Fuel Cards
  • Automotive - GPS
  • Automotive - Vans
  • Cloud Computing
  • Cloud Computing
  • Compliance
  • Computer Security
  • Dictation Digital
  • Disaster Recovery
  • Ecommerce
  • Electronic Invoicing
  • Electronic Storage
  • Email security
  • Environmental
  • Fax Machines
  • Financial
  • Flexible Working
  • Furniture/Office Design
  • Health & Safety
  • Home working
  • ISPs
  • IT Security
  • Insurance
  • MFD Security
  • Mobile Networks
  • Mobile Phones
  • Monitors
  • Multifunctional Devices
  • Online Catalogues
  • Outsourcing
  • PCs - Desktop
  • PCs - Laptops
  • Plants
  • Postal Solutions
  • Printers - Colour
  • Printers - Mono
  • Projectors
  • Recycling
  • Scanners
  • Servers
  • Shredders
  • Social networking
  • Stationery
  • Telephone Systems
  • Unified Convergence
  • Utilities - Electricity
  • Videoconferencing
• Data
  • Product report categories
  • Brands
  • Search data
• Opinion
• Update
• Contact

IT Security

Creating a firewall around your business

Information is an essential resource for all businesses today and is the key to growth and success. However, companies have to ensure that the information held on their IT systems is secure. 

• Accounting Systems
• Automotive - Cars
• Automotive - Fuel Cards
• Automotive - GPS
• Automotive - Vans
• Cloud Computing
• Compliance
• Computer Security
• Dictation Digital
• Disaster Recovery
• Ecommerce
• Electronic Invoicing
• Electronic Storage
• Email security
• Environmental
• Fax Machines
• Financial
• Flexible Working
• Furniture/Office Design
• Health & Safety
• Home working
• ISPs
• IT Security
• Insurance
• MFD Security
• Mobile Networks
• Mobile Phones
• Monitors
• Multifunctional Devices
• Online Catalogues
• Outsourcing
• PCs - Desktop
• PCs - Laptops
• Plants
• Postal Solutions
• Printers - Colour
• Printers - Mono
• Projectors
• Recycling
• Scanners
• Servers
• Shredders
• Social networking
• Stationery
• Telephone Systems
• Unified Convergence
• Utilities - Electricity
• Videoconferencing

 

Creating a firewall around your business

by Robert Munro

Information is an essential resource for all businesses today and is the key to growth and success. However, companies have to ensure that the information held on their IT systems is secure.

With an almost total reliance on digitally captured and managed data storage and communication systems, businesses cannot afford complacency when it comes to IT security.

Threats to the viability of a company via its IT infrastructure are numerous and all have the capacity to inflict considerable commercial damage.

From catastrophic data loss to regulatory sanctions and damaged customer confidence, the consequences of not implementing adequate IT security measures are severe.

The impact of a security breach may be far greater than you would expect.

The loss of sensitive or critical information may not only affect your competitiveness and cash flow but also damage your reputation - something which may have taken you years to establish and which may be impossible to restore.

Internet poses security risk

The internet brings its own security issues which businesses must consider.

Some of the threats from malicious and criminal elements on the internet include gaining access to sensitive data and valuable intellectual property, accessing your website code or stealing financial information about your business and your customers.

Recent examples of security breaches highlight the scale of the breaches. What is so important to remember is that this could happen to your organisation. Just a few of the recent security breaches illustrate the extent of the problem.

The Ministry of Defence has admitted to losing 28 laptops since the beginning of the year. Defence minister Bob Ainsworth revealed the figure on 28 May in response to a written parliamentary question by shadow secretary of state for defence Liam Fox. The laptops were lost between January 1 and 11 May 2009. The MoD also admitted to losing 20 flash drives and four PCs in the same period.

Consultants Atos Origin last year lost a USB memory stick with usernames and passwords for the government Gateway site used to file tax returns and VAT statements

"Data protection must be a matter of good corporate governance and executive teams must ensure they have the right procedures in place to properly protect the personal information entrusted to them," said Mike Gorrill, ICOSymantec is looking into allegations that a call centre in India leaked credit card numbers of its customers to someone who then sold them to BBC News reporters in an undercover investigation. The company has informed UK privacy authorities, plus attorneys general and officials in eight US states and Puerto Rico, of the allegations that three UK customers had credit card information leaked and about 200 US customers may have been affected because of interactions with the call centre, said Symantec spokesman Cris Paden. "We nailed it down to one agent at the call centre [who handled the Symantec customers]," he said.

Four NHS trusts were recently found in breach of the Data Protection Act (DPA) by the Information Commissioner's Office (ICO) after unencrypted data was lost on stolen laptops and USB data sticks. Criticising the NHS trusts involved, ICO assistant information commissioner Mick Gorrill said: "Data protection must be a matter of good corporate governance and executive teams must ensure they have the right procedures in place to properly protect the personal information entrusted to them."

In the latest breach, reported on 28 May, The Pensions Trust confirmed that a laptop containing confidential data on 109,000 Britons was stolen from the offices of its software provider, NorthgateArinso. The laptop contained data from 2007, including names, addresses, National Insurance numbers, salary details and, in some cases, bank details. The data was not encrypted, but the laptop had password protection.

"The Pensions Trust has now withdrawn access to personal member data from NorthgateArinso and has also instructed them to delete any existing personal member data they hold," said Lynda Howe, chair of Verity Trustees, which owns The Pensions Trust's assets.

Encryption - the key to preventing data loss

Despite such catastrophes and their considerable fall-out, many SMEs are still failing to take on the data encryption challenge, particularly at device level, where the risk of data loss is arguably the highest.

Experts feel that a lack of knowledge about encryption and concerns about the costs involved may be behind the lapses.

Butler Group senior research analyst Andy Kellett said: "It is a combination of those things and also a lack of knowledge. Certainly, more organisations are taking more of an interest in the need to encrypt data taken beyond the firewall."

The cloud: web-based apps - the new security challenge

Amid a downturn economy, organisations increasingly look to cloud computing and hosted software services to improve operational efficiency, reduce headcounts and help with the bottom line.

But security and privacy concerns present a strong barrier-to-entry.

In an age when the consequences and potential costs of mistakes are rising fast for companies that handle confidential and private customer data, IT security professionals must develop better ways of evaluating the security and privacy practices of cloud services.

"Organisations should not jump on the cloud wagon without a compelling business driver and a clear understanding of the security, privacy and legal consequences," said Chenxi Wang, Forrester

An effective assessment strategy must cover data protection, compliance, privacy, identity management, secure operations and other related security and legal issues. The ultimate goal: make the cloud service work like your own IT security department and find ways to secure and optimise your investments in the cloud.

The growth of web-based applications has given many SMEs access to a variety of useful software services (SaaS) that can be easily updated.

The technology also provides access to a central business resource - the web server - and through it, the ability to tap into other key information assets, such as database servers.

"While cloud computing is able to deliver many benefits, organisations should not jump on the cloud wagon without a compelling business driver and a clear understanding of the security, privacy and legal consequences," said Forrester principal analyst Chenxi Wang.

"Users of cloud services should not automatically assume that you are sacrificing security by moving into the cloud, but at the same time, you should not trust your cloud provider implicitly to deliver security,' she said.

Meanwhile, when security gurus met in San Francisco in April their main concerns were generated by cloud computing and some hastened to play down the perceived risks.

"Cloud computing is a challenge to security, but one that can be overcome. I believe cloud computing will get to [the point] where no real program will be done anymore on the computers of the company that's doing it," said Sun Microsystems chief security officer Whitfield Diffie, speaking at the RSA security conference.

But concerns were still expressed, with some seeing the cloud as presenting the possibility of a major 'Pearl Harbour' cyber attack that could cripple the West.

"I'm worried about cloud computing," said Weizmann Institute of Science professor Adi Shamir. He explained that while a virus or other problem on a desktop computer can be a big annoyance, computation centres in hosted computing could spread problems more widely.

Despite the debate about cloud computing and security, the concept is here to stay and rapidly moving into the mainstream and it is unlikely that the genie will go back into the bottle. The cloud is a challenge security experts will just have to deal with.

Creating a secure IT network - what you need to consider

• Know the nature of the beast. Monitor the latest information on where the threats are coming from and how best to defend your network
• Keep up to speed with software applications and anti virus programs and perform regular updates, a task which can easily be automatically configured in the application
• Use firewalls to protect your network. Firewalls are specifically designed to block unwanted users from accessing your networks and computers. You have the option of selecting a firewall in the form of a software application or a hardware unit. If you choose a software version of a firewall, you can easily locate free or low cost protection suites. No matter which version you choose, they both work effectively
• Perform regular scans on your network and connected computers. This will help you to quickly identify any current or potential problems in your network. Once these issues have been identified, you can begin working on solutions to make your network stronger and harder to get into. Sometimes networks can become overloaded and congested because of spyware or viruses
• Secure a wireless network. Wireless internet connection is a convenient way to free yourself from messy cables. However, it needs to be secure as well. Hackers and other unwanted guests will constantly try to invade your wireless network without you knowing. Establish a WEP key for your wireless connection and a password. If users cannot provide the correct information, then they will not be able to access it.

Printed from http://www.whattobuyforbusiness.com/reports/11341/Creating_a_firewall_around_your_business.html