Beginners' How To Guide: eSecurity
Many companies are becoming increasingly reliant on email and other Internet applications. More and more people are carrying invaluable data around in laptops, personal digital organisers etc. Employees, customers, suppliers, contractors and business partners are now routinely allowed access to critical business data and the systems that process and store it. This has created growing risks including:
- losing valuable data;
- the potentially serious consequences of unauthorised access to confidential data;
- the possibility of the business grinding to a halt due to the failure of computer systems which you now depend upon for your day-to-day operations.
IT security is thus vital. It needs to be addressed before you suffer problems. The only effective way to do this is to draw up a security policy. This beginner's guide is designed to highlight the basic considerations in developing such a policy.
- Your policy should be designed to guard against a variety of threats to your IT security, including:
  - internal and unintentional (e.g. untrained workers);
  - internal and intentional (e.g. disgruntled employees);
  - external (e.g. hackers, laptop thieves).
- eSecurity is in many ways like physical security: it requires a mix of technology and procedures; it costs money; it can never be 100% effective; the challenge is to select the right level of security for your particular business.
- There are five primary steps to developing a good eSecurity programme, and these are:
  - analyse and assess your requirements;
  - design a policy with the right mix of technical, procedural and organisational controls;
  - implement the policy, and appoint an individual to take responsibility for it;
  - ensure security is an integral part of day-to-day activities;
  - look for continuous improvement and keep abreast of changes in the security and business environments.
- Provide each employee with enough access to do their job but no more.
- Consider the security implications before agreeing to allow customers, employees working from home etc. remote access to your IT system, and before allowing staff to take laptops or other mobile devices outside the premises.
- Have a clear policy in relation to the use of passwords, e.g.: no sharing; no writing them on the computer; avoiding easy-to-guess passwords; changing them regularly; disabling them once an employee leaves etc.
- Use system monitoring, including audit trails and logging.
- Implement a clear anti-virus policy, buying anti-virus software solutions that allow real-time updating of systems with anti-virus patches (e.g. McAfee, Symantec etc.), and make sure they are kept updated.
- Have a disaster recovery plan and keep back-up information off-site.
- Once you have drawn up a documented policy you must address the need to build awareness, train staff, record activity and review the security architecture as things change over time.
- Finally, just as with physical security, vigilance is vital to ensure people are not careless about the rules and do not get into the habit of taking short cuts, however busy they may be.
For more detailed information, read the Advanced "How To" Guide on eSecurity.