Almost daily we are swamped with media reports and anecdotes about Internet worms, viruses, and worse, direct remote attacks launched against organizations of all sizes. In recent years, most large corporations and agencies have invested considerable time and money in protecting computer resources, privacy and information. Still, we know that newer, ever more sophisticated exploits are discovered in the wild at an alarming rate.
Less publicized, but equally alarming (some would say more alarming), are the internal security risks faced by every organization that depends on computer systems of any size or description. Even a simple PC containing accounting records and customer information for your small business is at risk. Would your business survive the deletion or destruction of everything on your hard drive? What about your customers' credit card numbers appearing on some faraway website? Trade secrets? The list goes on.
Whether the enterprise is large, medium or small, most managers are aware of these risks -- frequently having been enlightened by painful experience! All share a common dilemma:
Dealing with security is time-consuming and often expensive. How do you mitigate the risk while getting on with the core business of the organization?
Clearly, the long answer is exceedingly complex and begins with performing a detailed formal risk assessment. This comes at considerable expense, even for large organizations (and we can only hope our banks and government departments holding our most precious information are willing to pay the price). But all is not lost for the rest of us; there are, in fact, many short answers.
You can begin with the risk assessment, but it need not be formal or expensive. Simply ask yourself what your business can afford to lose, in terms of computer systems, information (data) and goodwill. Then make a list defining the specific entities that need special attention. In general, hardware will be the least of your worries -- it's relatively cheap, readily available and probably insured.
Now that you know what needs protection, consider from whom it needs protection. Not every would-be attacker is skulking around in some dark corner of the virtual Internet world. Security experts agree that some 70-80% of corporate system security breaches occur from within. (These figures probably include employee mistakes, but mistakes represent security issues nonetheless. Consider that no one can lose what they don't have access to in the first place.)
Of course, protection comes at a price. You are ready to decide what your business can afford, in terms of both time and money. This step cannot easily be done by anyone else, as only you can assign values to your time, resources and intangibles. Just remember that much can be done at no cost at all. Like locking your doors at the end of the day, simply following computer security best practices goes a long way. (On the other hand, simply buying a firewall and virus software -- in the absence of other security best practices -- is a waste of money when a trusted employee's weak password is published to the world.)
Finally, you might expect that it's time to implement your security measures. Not quite. First you need to create a policy document. This can be as simple as a one-page statement defining your security goals, or it can be quite detailed indeed. But it is important to state, at minimum, what you must protect and from whom (or what) it needs protection. Having completed the previous steps, this step should be easy.
Now you are ready to take action!
At The Bitmill®, we have considerable experience with large systems administration and security in an Internet environment. As consultants we are available to provide professional guidance and support for all your computer security needs. As software developers, we are committed to creating affordable quality security tools for any enterprise, small or large. And as a young company, we are only just beginning to achieve these goals.
What keeps you up at night? How can we help? We are very interested in hearing your comments, suggestions and requirements! These will help guide our course as we grow.
We look forward to hearing from you. Please contact us!