
What can I do to make my network secure?

Halt - Who goes there? A Guide to Network Security


The very fact that you rely on Information Technology to run your business could actually put your business at risk. The media is full of computer crime stories involving hackers, viruses, industrial espionage and fraud. So what can you do to protect your business, its infrastructure and information?

First, you must identify your enemy. External attacks come in several forms:

Hacking, which includes soft hacking (where someone gets inside your network and is simply looking around) and hard hacking (which involves malicious intent to damage your business whilst in your network).

A common danger is viruses - programs that are loaded onto your computer without your knowledge and run without your consent. Even a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. The recent 'Shakira's Pictures' virus enticed e-mail users by promising to display pictures of pop star Shakira. Once opened it sent itself to everyone in the affected user's address book, blocking mail servers and causing major business disruption.

A 'denial of service' attack also poses a significant risk. This is a type of attack that is designed to bring a network to its knees by flooding it with useless traffic.

But not all attacks are external, and those that directly affect your bottom line are more likely to come from your own staff. According to last year's FBI/CSI computer crime report, more than 75 per cent of all financial losses resulting from computer crime came from internal intrusions.

This is simply because it is usually easier to infiltrate a company from the inside: most organisations focus on defending the perimeter and pay less attention to hostile internal activity.

So what can you do to protect your business? Here are some top tips:

1) Ensure your network infrastructure security is continually updated with the latest virus checking software and firewalls.

2) Implement passwords and ensure your staff don't write them down and stick them to their monitors. Make sure these passwords are changed regularly and are not easy to guess. It is amazing to find the number of people whose passwords are their names, their company names or simply 'password'.

3) Remove unnecessary remote dial-in facilities. These provide a significant point of weakness in the company's network.

4) Ensure all staff 'lock' their workstation when they are away from their desk. Failure to do so gives opportunistic employees the chance to access confidential information.

5) Implement physical security measures. Not all attacks are electronic so put restricted access in place for sensitive areas such as server rooms.

6) Use your network capabilities to monitor who is logged in and where and when they have access.
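
As an illustration of tip 6, the following added example (not part of the original guide) replays a list of logon and logoff records to report who is logged in where, and flags logons outside working hours or on a second workstation while another session is still open. The record format, user names, machine names and the 07:00-19:00 working day are all assumptions made up for the example.

```python
import csv
from collections import defaultdict
from datetime import datetime

# Constructed sample records (timestamp, user, workstation, event); the
# format is an assumption, not an export from any particular product.
SAMPLE_LOG = """\
2024-03-04T08:55:10,asmith,WS-014,LOGON
2024-03-04T09:02:41,bjones,WS-022,LOGON
2024-03-04T12:30:05,asmith,WS-031,LOGON
2024-03-04T17:31:00,asmith,WS-014,LOGOFF
2024-03-04T17:32:10,asmith,WS-031,LOGOFF
2024-03-04T17:45:12,bjones,WS-022,LOGOFF
2024-03-04T23:14:37,bjones,SRV-FIN01,LOGON
"""

def parse(text):
    """Return (datetime, user, workstation, event) tuples in time order."""
    rows = [r for r in csv.reader(text.splitlines()) if len(r) == 4]
    recs = [(datetime.fromisoformat(t), u, w, e.upper()) for t, u, w, e in rows]
    return sorted(recs)

def review(records, work_start=7, work_end=19):
    """Replay the events and return (findings, sessions still open)."""
    active = defaultdict(set)          # user -> workstations logged on now
    findings = []
    for ts, user, ws, event in records:
        if event == "LOGON":
            if not work_start <= ts.hour < work_end:
                findings.append(("out_of_hours", user, ws, ts.isoformat()))
            if active[user] - {ws}:    # already logged on somewhere else
                others = ",".join(sorted(active[user] - {ws}))
                findings.append(("concurrent", user, f"{ws}+{others}", ts.isoformat()))
            active[user].add(ws)
        elif event == "LOGOFF":
            active[user].discard(ws)
    still_on = {u: sorted(w) for u, w in active.items() if w}
    return findings, still_on

if __name__ == "__main__":
    findings, still_on = review(parse(SAMPLE_LOG))
    for kind, user, where, when in findings:
        print(f"{when}  {kind:<13} {user:<8} {where}")
    for user, where in still_on.items():
        print(f"still logged on: {user} at {', '.join(where)}")
```

A concurrent session is not proof of misuse, but it is often the trace left by a workstation that was not locked (tip 4) or a password that has been shared.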