Simple defense

The number of viruses and hackers is on the rise. With so much sensitive data available through an Internet connection, your company may be vulnerable to attack.

But with some simple vigilance, you can protect yourself from the vast majority of attacks without ever putting your data at risk.

First, never assume that a hacker wouldn’t be interested in your system.

“There is not generally a difference between big firms and small,” says Tom Patterson, author of “Mapping Security.” “First, you have to be noticed. If you are doing something more high-profile than your peers, then you are more likely to be looked at.

“The thing criminals are looking for is an aggregation of something they find valuable. You could be a small company, but if, by the nature of the business, you take a lot of credit card information online, then you are more likely to be a target.”

Hackers want the most return for their effort and don’t want to steal one credit card number at a time. The more information you have, the more you are at risk. And the threat isn’t limited to credit card numbers.

“It doesn’t have to be customer or credit card information,” says Patterson. “It might be aggregated employee information. Health care providers’ patient information is a big risk. And just because you are less likely to be noticed for a targeted attack doesn’t mean you can ignore the threat.

“There are plenty of viruses and worms looking for your system that will shut down your computer and turn it into a zombie.”

The easiest thing to do to avoid these threats is simple: Patch.

“All the software out there has known holes,” says Patterson. “There are always holes in big complex programs. There are also lots of people around the world who are looking to make things safer.”

Software companies constantly issue patches to plug these holes. These patches are almost always a free download from the company’s Web site.

“But people don’t do it,” says Patterson. “If they did do it, they wouldn’t have to worry about 99.9 percent of the threats you read about. Update the patches for your operating system, applications, desktops and update your virus scanner information and subscribe to one of the big services.

“By the time a new virus gets to you, if you have patched, it will probably bounce right off. It gets rid of the nontargeted nuisance stuff. If you are a potential target, then you need to look at doing extra things.”

If you are processing transactions through the Web, you are more of a target. Patterson says that a commonly used entrance into a company’s intranet is through its automatic job posting database.

“If you post jobs like that, or if you have more internal systems available on the Web, then you are more vulnerable,” says Patterson.

Effective security requires involvement at the highest levels.

* CFOs should be involved because of Sarbanes-Oxley requirements. “CFOs now need to care,” says Patterson. “Be involved and ask the vendor how it will directly affect the applicable security and privacy regulations. Make the vendor do the work.”

* CEOs are directly responsible for security throughout the company. They should know who else is responsible for security and what is needed to do the job right.

* A CSO, or chief security officer, is a position that should be considered. This person takes on the role of overseeing all security and works closely with the heads of all departments to close all security holes.

How to reach: Tom Patterson, www.mappingsecurity.com