Printer Friendly

The P's and Q's of protecting your PCs.

PERSONAL COMPUTER (PC) USE IN the 1990s has been explosive, with the desktop replacing the data center as the backbone of corporate data processing. Worldwide, millions of PCs and workstations process information. It is not uncommon in the United States for an organization to have thousands of PCs. Yet only a small percentage of companies have a PC information protection plan. This lack of protection is astounding considering the amount of sensitive information in desktop systems.

With the fast-paced growth of the PC, corporate information is widely dispersed and easily accessible by many people. Stand-alone machines often contain confidential reports and statistics. When these machines are connected via a local area network (LAN), they offer access to even more corporate information.

Information can be downloaded from a mainframe to a PC. Laptop and notebook PCs, while convenient, allow sensitive information to leave the office and become vulnerable targets for destruction or theft. Finally, computers can be victims of viruses, either unknowingly or by an individual with malicious intent. The challenge of the '90s is to balance the power and flexibility of PCs with access control of information.

The current trend is to lower processing costs by downsizing from mainframes to networks. Accounting, administration, finance, research and development, sales, and marketing functions are now processed by comprehensive PC- and LAN-based software packages. These PCs are not protected by the security traditionally associated with a mainframe data center.

Unprotected PCs can cost a corporation money by increasing its exposure to risk. When information resided solely on a mainframe in the data center, organizations rarely worried about information protection. Only specified personnel had access to the machines, and often only those individuals understood how they worked. The risk exposure was limited to the confines of the data center itself.

Sensitive information is no longer safe behind the data center's security barrier. Anyone with limited PC knowledge can cause problems ranging from corporate espionage to simple user error. Corporations may spend thousands of dollars cleaning up catastrophes.

Computer viruses--programs that infect other programs with contaminant codes--are a threat to corporate information. Many corporations use scanning software to monitor viral intrusions. Yet scanners cannot keep up with the viruses being created every day.

And although scanners can detect the virus, they cannot always prevent it from doing damage. Data may be destroyed before users have time to remove the infected program.

Virus detection is one step in the protection process. However, the main benefit lies in preventing damage to data and the spread of the virus. Only an effective security system can accomplish detection and prevention.

The PC's power has increased so rapidly that corporations are often unaware of the threat to their information. To establish an effective information security plan, an organization must acknowledge that it has information requiring protection.

Next, the organization must develop specific plans for protecting information wherever it resides. These plans should encompass both networked and standalone computers.

A strong information protection plan must include an enterprise-wide approach to security management. With PCs dispersed throughout an organization, security standards should be easy to implement and administer. Designating levels of security administration is essential. No single employee should have absolute control or responsibility for this task.

Information protection must also appear simple to the day-to-day user. PC users should need only to enter an ID code and password. Otherwise, machines should operate just as they did before security was applied, with appropriate restrictions to a PC's resources. In all cases, PC security should be transparent, quietly protecting resources without impeding productivity.

An effective PC security system can pay for itself by auditing computer use. These audit reports monitor hardware and software use, allowing administrators to analyze future needs.

In most organizations an imbalance is growing between the desire for more hardware and software and actual need. For example, should an entire department upgrade its machines? Does everyone need a spreadsheet software package?

Million-dollar purchasing decisions are often made without a thorough use analysis. A well-tailored report can help administrators zero in on genuine needs and provide data to support expenditures.

PC and workstation information protection is a requirement for today's businesses. Ask yourself the following questions to determine your organization's needs:

* Does your company have confidential information stored on PCs?

* Can sensitive information be downloaded to PCs from your mainframe?

* Who controls access to PCs?

* Does everyone in your organization understand the need for security and the privacy of privileged information?

* How often is information copied to floppy diskettes, and who receives this information in the process?

* Does your company have any information security measures currently in place for employees to follow?

* Does the organization rely solely on scanners to detect viruses?

* What is the value of your organization's information?

* What are the legal ramifications of a security breach?

The bottom line for any corporation thinking about information protection is this: If PCs are not protected throughout your organization, you may lose a valuable corporate asset that is at risk--information.

John D. Worthen is president and CEO of PYRAMID Development Corporation, a supplier of workstation information protection systems.

Requirements for an Information Protection System

An effective information protection system must:

* control access to hardware as well as data and sensitive applications;

* be transparent to the user and secure resources without intruding on user productivity;

* be easy to install and have a flexible, modular design, allowing the user to select security features pertinent to his or her organization;

* be enterprise-wide and allow administrators to install and maintain multiple PCs;

* provide the ability to lock in security standards on every PC;

* require minimal administrative and user training;

* have comprehensive administrative features;

* have a virus prevention system that alerts users to a virus's presence and prevents the virus from inflicting damage and spreading; and

* have audit trail capability.
COPYRIGHT 1992 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1992 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:personal computer
Author:Worthen, John D.
Publication:Security Management
Date:Sep 1, 1992
Previous Article:A prudent approach to municipal investigations.
Next Article:Solving the patient protection problem.

Related Articles
CHK 1-2-3.
H-P Will Split into Two, Separating Instruments from Computers.
Reduction in Payments on Anniversary Date Did Not Convert Disability Pension into Retirement Income.
H-P Will Split into Two, Separating Instruments from Computers.
Man sues "Fear Factor" after getting sick--isn't that the point? Paralegal sues for $25 million after he claims the NBC show made him ill.
Abecedary Musings.
Internet Security 2006 also spyware 2006.
Security news and products; avanquest UK launches PC-Cillin from Trend-Micro.

Terms of use | Copyright © 2016 Farlex, Inc. | Feedback | For webmasters