Column: Ten IT weaknesses and how to correct them
We've all heard stories about hacking into websites and breaches of infrastructure. There are dozens of reasons a company may be vulnerable. Let's look at 10.
No. 1: Attitude. Management may view their infrastructure through the prism of “If it isn't broken, it's probably fine.” Yet there is a lack of understanding of what “probably fine” really means. The 30,000-foot-view may work well for some aspects of business, but not when it comes to a company's information security.
No. 2: Lack of Leadership. That's not saying the CEO is a bad leader, but he or she may not understand what can happen when things go wrong in information technology. While operational IT issues should be handled by an IT professional, executives must foster a corporate culture of information privacy and security that transcends just keeping the systems running.
No. 3: Absence of Procedures/Procedural Knowledge. Incorporating information technology policies into a good Acceptable Use Policy can go far toward keeping IT systems and information secure. Yet many businesses neglect the need for strong policy surrounding technology. For companies with guidelines in place, the next challenge is communication. Technological rules do no good if employees don't know the rules.
No. 4: Careless Behavior. A business may have appropriate IT procedures in place, but a lack of appreciation regarding their importance can easily lead employees to careless behavior with serious, unintended consequences (like unknowingly clicking on an infected email that unleashes a virus and wipes out your network). Make sure employees understand the warning signs, and proceed with caution.
No. 5: The Rogue Employee. It's important for executives to recognize the signs of a disgruntled worker and to have policies in place minimizing their access to technology. In one instance, we know of an IT director who got angry at her boss and unplugged his computer from the network. Granted, a reprimanded employee isn't necessarily going to work to undermine your IT system, but it's important to recognize the risk (as well as to foster a happy work environment).
No. 6: Information Dissemination. How information is disseminated is critical, and giving away secret information has disastrous consequences. Companies need to make sure they understand what information could potentially offer hackers the crucial data they need and how to safeguard it.
No. 7: Mobile Technology. Do your employees check work email on their personal phones or laptops? Do they use thumb drives that are not specified solely for work purposes or are self-provided? Recognize that these devices may offer access to malware and other viruses. A mobile device policy is imperative.
No. 8: Mismanagement of End Points. For the company that comes up short on protecting information, the theft or misappropriation of data can cost it tens of millions of dollars. People who are serious about IT put in place either a quality outside IT partner or, if they do their work internally, tools to prevent and identify damage before it gets bad. Incorporating remote management and monitoring allows either an internal IT director or an outside company to quite literally manage the end point (physical work station, server, switches, routers, devices) and to deal with threats.
No. 9: An Unhealthy Network. A network monitoring tool monitors all of the traffic on the network, the devices that are attached to the network, how well the traffic is flowing, the speed and accessibility of the Internet, and the back and forth between the company's internet and intranet. Is the firewall protecting you adequately? A network monitoring tool will tell you immediately.
No. 10: An Unsecure Network. Businesses need to protect from the perimeter down to the workstation and server and back out to the internet. Make certain you have a unified threat management appliance. It is effectively a firewall with a subscription that provides protection from intrusion, allows content filtering, checks visited websites and prevents malicious sites from bringing data back in.
Deep levels of protection are available fairly economically, either for the do-it-yourselfer or for the business owner who uses an outside firm. A lack of protection might be cheaper now, but could spell financial disaster in the future.
Al Alper is CEO and founder of Absolute Logic, 44 Old Ridgefield Road in Wilton (www.absolutelogic.com). Since 1991, the company has provided technical support and technology consulting to businesses of up to 250 employees in Connecticut and New York. Alper speaks nationally on IT and security issues and authored the book, “Revealed! The Secrets to Hiring the Right Computer Consultant.” He can be contacted at al.alper@absolutelogic.com or at 203-936-6680.