Information is critical to all businesses. Storing business information securely on networks is a must for every business. In this article we’ll explain the business risks of insecure networks and how they can be minimised.
What people don’t tend to realise is that even one insecure computer in a network can compromise the entire network. The result of an insecure network can be corrupted or stolen information, which can cost a business money, customers and suppliers. If the network is compromised, businesses also face trust issues if customers, clients or staff realise their data has been lost or viewed by third parties. There are more risks to a business than just hackers: risks can include user error, system failure or even natural disaster.
- Data Confidentiality – Keeping data confidential means keeping data out of the wrong hands. If any business data is accidentally leaked or stolen, it can result in a huge loss (financial, logistical or both) and can sometimes put the business out of business altogether or hasten its demise. To combat this, a good information security program can safeguard against any breach in confidentiality. By encrypting confidential data and using user permissions, only users that need access to the data can access it, which is what the goal should be for any network administrator and business.
- Data Integrity – This is used to ensure critical data stays intact and can’t be tampered with. Any data that has been tampered with can cause major failures. An information security program can use tools to track changes to critical files and show when a file has been accessed, any changes that were made and who made the changes.
- Data Availability – The availability of data as and when it is needed and by those who need it. Downtime in business can cause major financial losses and frustration for customers and staff. This is rarely caused by hackers, although hacks tend to be the most publicised reasons for outages (such as DDoS attacks or defacing a website by groups such as Anonymous). Floods, fires, power cuts and users accidentally infecting a network via USB sticks (infected by malware, perhaps from their home computers) are common causes of downtime. User error is also a common problem (such as accidentally removing or editing critical files or permissions). Emergency generators, data backups and offsite solutions are some elements a good plan will contain to ensure that system downtime is kept to a minimum.
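The change tracking described under Data Integrity above can be sketched as a baseline-and-compare check. This is an added example, not part of the original article: the file names and contents are constructed sample data, and it reports what changed, not who changed it (that needs operating-system audit logging).

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each regular file under root to (sha256, permission bits)."""
    state = {}
    for path in Path(root).rglob("*"):
        st = path.lstat()
        if not stat.S_ISREG(st.st_mode):
            continue  # skip directories, symlinks, sockets, devices
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        state[path.relative_to(root).as_posix()] = (digest, stat.S_IMODE(st.st_mode))
    return state

def compare(baseline, current):
    """Return sorted (path, finding) pairs describing drift from the baseline."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "added"))
        elif new is None:
            findings.append((path, "removed"))
        else:
            if old[0] != new[0]:
                findings.append((path, "content changed"))
            if old[1] != new[1]:
                findings.append((path, "permissions %o -> %o" % (old[1], new[1])))
    return findings

def demo():
    """Constructed sample data: baseline a temp directory, tamper, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "accounts.csv").write_bytes(b"id,balance\n1,100\n")
        (root / "staff.txt").write_bytes(b"alice\n")
        (root / "staff.txt").chmod(0o600)
        baseline = snapshot(root)  # trusted state, stored off the monitored host in practice
        (root / "accounts.csv").write_bytes(b"id,balance\n1,999999\n")  # tampered
        (root / "notes.tmp").write_bytes(b"unexpected file\n")          # added
        (root / "staff.txt").chmod(0o644)                               # loosened
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for path, finding in demo():
        print(path, "-", finding)
```

The baseline is only trustworthy if it is kept where someone who can alter the monitored files cannot also alter the baseline.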
Wireless
It is relatively cheap and simple to install a wireless system even in a small business as wireless routers and cards are easy and cheap to get. There are numerous issues when operating an unsecured, inadequate wireless network that can expose a business to a number of risks:
- Business Information Loss – If there is an unsecured wireless network in a business, competitors can use unscrupulous methods to gain access to your records. There are programs freely available over the internet that can access information such as customer files, accounts, usernames, passwords and other information available on an unsecured wireless network. This can be particularly damaging for small businesses and can often lead to closure.
- Data Loss Issues – Personal data can be targeted through the use of e-mails over an unsecured wireless network. Wireless nodes can be set up to be hidden as part of a network and are used to intercept anything that tries to connect to the strongest signal.
- Reputation Problems – The loss of customers or other businesses can be devastating. The loss of personal information (e.g. usernames, passwords, addresses, birthdays, credit card data etc.) causes a huge PR problem for businesses. If a company gets a reputation as a place with little to no security in place, customers obviously won’t trust the business in the future and may take their business elsewhere. Businesses could also be sued or face legal implications if their security practices didn’t comply with laws.
- Legal and Financial Problems – Customers who find that their credit card data has been stolen or lost have recourse with their banks, but a business may not. Any data loss can cause customers to take legal action and lawsuits can cost time and money (regardless of the outcome). Even if a business’s liability insurance cover is adequate, the PR fallout from this type of event could be even more costly to a business and that is something that can’t be insured against.
Solutions
Firewalls – If important data is used often, both hardware and software firewalls can and should be used, even if the information is merely names, addresses and emails. This information is useful to hackers who can sell this information on to advertising companies.
Access and Permissions – Should a receptionist be able to access financial accounts and management information? Access to files and networks should be controlled based on what information is needed and who needs it.
Antivirus – No matter what file comes into your system, there is a possibility of it being infected and viruses can open backdoors into your system.
Keep it simple – Look at the resources and equipment that are actually needed and don’t add things that are not. The more computers and devices you have on a network, the more points of access there are to the network.
Inform People – If staff do not know how to secure their own home computer, how do you expect them to keep a networked computer safe? Set out a best practice guide to using a networked system and inform the staff of best practices such as using secure passwords, not clicking on suspicious attachments in emails, and not downloading or installing suspicious files or applications.
Proxy – Using a proxy service can block malicious or junk websites that can infect your systems or redirect you to malicious sites. A proxy can also protect against people going to malicious sites to deliberately infect the network or downloading software they know they shouldn’t.