|
Cont. from page 2
Education of all online users, not just those in the IT department, is of the utmost importance. Users should not download files from the web (this excludes
HTML files that are automatically cached when accessed.) 44% of respondents revealed that their companies actively monitor and record user access requests to Internet sites. This should not be a secret activity, but
an open one to facilitate self-policing amongst users.
Managers should realize, however, that some users may find such policies restrictive and seek means to contravene them. Some users have made their own dial-up
connections to the Internet by placing a tap on the network LAN. Bypassing the Internet firewall is a very serious offense. But draconian measures that impose a suspicious atmosphere aren't necessary and can be
harmful to staff moral.
"Probably the biggest weak link in most organizations is the receptionist," reports Michael Corby, Consulting Director, M Corby & Associates, who believes that company employees can unintentionally be the source of their greatest vulnerabilities. "I
have heard of numerous stories of people who have called at the reception desk and gotten security passwords and configurations. The hackers do damage, but they only exploit what we give them to use as a way to get
inside the organization."
Management support for information security is soft. According to survey respondents, 41% of senior managers feel that information security is only fairly
important, and 76% of respondent companies spent less than 5% of their IT budget on security measures. (Click on figures 9 and 10)
With most industries, it’s now impossible to separate technology from business, and firms are increasingly becoming more vulnerable to computer attack as they
re-engineer their business processes to incorporate and exploit computerized systems. If the CEO or business president regards information security as only fairly important, then this attitude to security will
filter down the organization. Figures 11 and 12 show the main drawbacks in a firm’s implementation of a security policy. There are many risks
to connecting to the Internet, but solutions do exist.
Firms can protect themselves from all the threats covered in this text and on our “Hack Attacks” page, while exploiting the many benefits of the Internet.
Problems and their solutions are constantly being found. Utilizing the Internet is no longer an option for any expansive business seeking efficiency. Waiting too long to take advantage of proven new technologies
could mean that firms lose irrecoverable ground to competitors in only a few months.
©1998 Colin Germain; updated 2000, Mediagraphics (TM)
|
