Dealing with e-business security headaches

Don’t believe the hype. That’s the message from analysts who are worried that excessive reporting of virus and hacker threats can throw all kinds of obstacles in front of e-biz development. However, that’s not an excuse to be careless. As Douglas Hurd, business development manager at PGP Security, writes, a company needs to adopt an organised approach in order to maximise the benefits on offer.

By  James Thornton Published  March 1, 2001

Introduction

E-Business often refers to IT infrastructure as the ‘backbone’ of a company. Collect company data, store it on a server with a host of analysis tools and you have the ‘business brain’. The company website is, of course, the central nervous system. Is it any wonder that we talk about the ‘health’ of a business?
In traditional terms a healthy business is a profitable business that runs smoothly and is, by all accounts, successful. In e-business, these terms still stand but the dependence upon the efficiency of the IT network is inextricably linked to overall business performance. Since the days of green screens and mainframes, technology has played a huge part in business process, logistics and administration. Since the dawn of e-business, however, technology’s effect on profit and loss has risen to the top of many business agendas.
So, what are the biggest threats to the health of your network, and therefore the health of your e-business? Well, as with the human body, the network is vulnerable to infection and collapse if sufficient measures to protect the system are ignored.
On 4th May 2000, a humble e-mail entitled “I Love You” found its way onto the e-mail servers of companies around the world. A week later the now infamous Love Bug virus had cost global e-business an estimated $7.6 billion in downtime. In November of the same year hackers stole into Microsoft’s crown jewels and gained access to the Windows source code, the IT equivalent of the recipe for Coca Cola. According to PriceWaterhouseCoopers, virus and security problems created $1.3 trillion worth of corporate havoc during 2000. It is these types of threats that pose the biggest health risks to e-business today.
There is a lot of hype and myth surrounding the virus and security market. Computer viruses are sometimes referred to as ‘deadly’, when perhaps costly is a more appropriate term. Consumers still express concern regarding online transactions and the security of sending credit card details into the ether. However, credit card fraud over the telephone is far more prevalent than that on the internet. This is not to suggest for one moment that the threats are not real or that these issues should be ignored, but hype can often obstruct informed opinion. This affects the very important decisions businesses need to make to safeguard the corporate network from intrusion and attack.
It is for this reason that Network Associates conducted research into the Health of UK e-business to find out what UK plc has in place to keep the network in check and what awareness companies have of the vulnerabilities that exist in conducting e-business. According to facts and figures provided by the research, British businesses are on the sick list.

Healthcheck research

Despite the massive growth in the e-conomy and the opportunities provided by that growth, British business, from CEOs to secretaries, still seem ignorant towards security and the basics of using everyday technology. The Healthcheck research showed that the biggest perceived threat to the corporate network was end users. This creates a huge strain on the IT infrastructure and, essentially, it’s not a technology problem. Personnel within an organisation should be aware of the risks surrounding business on the internet. How many of you have ‘password’ or ‘manager’ as your network password, for example? That is the equivalent to an open door, even for the novice hacker.
The people problem raises an interesting quandary from a software perspective. As technology becomes more pervasive within e-business there is a stronger demand on the individual to have a rudimentary understanding of the technology that is part of their working lives. People working on a cash register in a supermarket don’t have to call a helpline every time the till roll needs changing, yet many IT support desks spend their days rebooting PCs and dealing with password queries.
Many anti-virus and security applications are now managed centrally in order to take as much ownership away from the end user as possible. It is apt that this model for distributing virus patches or monitoring for security breaches is enabled by internet technology; however, there is still a huge need for end users to become internet or computer ‘savvy’.
Another point of concern raised by the ‘Healthcheck’ research findings was the lack of boardroom control over fundamental issues such as security or e-business strategy. E-business is still seen as a technology issue with the IT director at the helm. At an operational level this appears to make perfect sense, but e-business affects the entire company and therefore requires buy-in from the very top to the very bottom of the company infrastructure. It is therefore the case that any directive on this scale, such as security, needs to be driven by the CEO.
A picture is emerging. Chief executives are not plugged into the security strategy and end users are the biggest threat to the network. This suggests a distinct lack of strategic vision. E-businesses simply cannot afford to assign total responsibility to the IT department for technology issues. Though the accountants are responsible for balancing the books, are they the only people concerned with making the business profitable? Of course not; that is arguably the responsibility of every employee at every level.

Prescription for businesses

Once we do drill down into the real technology issues we see that businesses also admit their networks are in drastic need of improvement. For example, over half of the companies surveyed did not encrypt confidential corporate data sent via e-mail. That’s like sending confidential reports through the post without sealing the envelope. Again, a rudimentary error that could seriously impact the bottom line.
So what’s our remedy to all of this? As market leaders in network security and management software, what do we advise businesses to do? Well, quite simply, we want them to undergo regular check-ups to ensure that they’ve got the right strategy in place to protect and maximise their e-business networks and ultimately their businesses.
Network Associates has devised a ‘prescription’ for businesses – a list of suggestions to help them protect business assets and cope with the stresses and strains of e-business. The prescription asks businesses to:

· Elevate the care of your e-business’ health to the board - it’s a strategic issue!

· Construct a practical, easily manageable but comprehensive E-business security policy that reflects your business processes

· Review it and audit it constantly - the world moves at internet speed and there is no room for complacency

· Invest in your e-business security strategy - the ROI will become clear

· Train your users in basic security policy and get their buy-in and understanding

· Keep Anti-Virus software constantly up to date - otherwise it is useless!

· Centrally manage your e-business security systems.

But this is only part of the solution. Let's accept we have a problem, understand the damage that can occur if we’re not alert and act quickly.