Printer Friendly

Computer protection should not be left to chance.

Computer Protection Should Not Be Left to Chance

Safeguarding computers and all the precious--and irreplaceable--data in a system is an integral part of protecting the assets of a company. Risk managers increasingly have become aware of the variety of risks of computer technology, especially when it comes to their company's data systems.

The first step to managing the liabilities of computer systems is to look at all of the company's exposures. "Look at all aspects of the company's computer use and seek estimates of the costs of disruption," advises Michael Gauthier, a consultant with the Lexington, MA-based Temple, Barker & Sloane, Inc. But be prepared for high estimates, he says, because in an information-intensive industries, such as the airlines, a computer disaster could easily shut down companies.

Next, risk managers should determine those risks that are adequately covered and those that are not. Each risk should be matched with safeguards, such as disaster recovery, or insurance. "As companies become increasingly dependent on information systems and the data they process and store, computer security is one area where solutions must be in place before problems arise," says Mr. Gauthier.

Indeed, experts agree that the potential for damage in the computer area is unlimited. Every ounce of protection is worth a ton of cure. And the risks to hardware, software, operating systems and data can wipe out a company's bottom line. Computer World magazine's most recent report on the subject estimates that about 90,000 business computers have caught viruses.

Given the enormous potential for loss, there are several new programs on the market which identify and kill computer viruses. For instance, National DataGuard Technologies markets a software system, Lifeguard, which is designed to protect data and assure data recovery. Lifeguard, which integrates with any disaster recovery system, streamlines storage costs by identifying critical data sets, verifying backup data sets, auditing offsite data availability, generating recovery documentation, supporting data set and providing full volume recovery strategies.

Lifeguard can be run against a specific job or an entire critical job list. Critical data sets are identified as those as input into a job prior to being output from a job within a given job stream. Lifeguard then determines whether the critical data sets have been backed up. Reports include which data sets were identified as critical, including data set name, device type and backup data set name when created within a job stream. They will also identify which jobs could not be found and indicate areas of vulnerability due to incomplete analysis.

Virus identification programs, however, are not effective against all viruses. Thus, the risk of virus attack should be minimized by limiting public domain software, maintaining wire-protected master copies of software and data and backing up operating systems onto diskettes. Indisputably, the safest and most reliable defense is frequent backup.

Another way to handle the virus problem is to purchase insurance protection, which is becoming more and more of a necessity. Insurance companies are expanding their computer coverages to include coverage for computer viruses. For example, the Northbrook Property and Casualty Insurance Company recently announced that it has enhanced its computer policies to encompass coverage for viruses. The coverage includes expenses incurred in extracting a computer virus and restoring damaged property to its condition prior to loss. There is reimbursement for equipment, data, media and extra expense up to $100,000 on any covered computer virus loss.

Likewise, Firemen's Fund has entered the market with an Electronic Data Processing Coverage, which can be purchased separately or added to an existing policy. The policy covers losses caused by viral destruction, including the cost of data reconstruction and business interruption. The company outlines some cues when a virus is present, some of which are displaying of error messages, decreased memory available, longer start-up or access time, missing files or data, unexpected system crashes and unexplained printing problems.

Hardware is Vulnerable Too

The proper design, installation and testing of halon gas and a sprinkler system is essential to computer loss control. According to Gary S. Muck, a loss control specialist for Crum & Forster Commercial Insurance, unless a halon system can produce and maintain the minimum 5 percent concentration of halon gas, a computer facility is a catastrophe waiting to happen. He says the inability to reach the necessary gas concentration levels are due to problems such as computer facility doors not closing or the air ventilation system not shutting off when a fire is detected, thereby dispersing the halon gas to other areas of the building.

Mr. Muck recommends that risk managers submit fire protection plans before a computer facility is constructed to prevent deficiencies from being built in. He said sprinklers are needed because of the unusually high amount of combustibles in the computer room, including paper and disc packs.
COPYRIGHT 1989 Risk Management Society Publishing, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1989 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Oshins, Alice H.
Publication:Risk Management
Article Type:column
Date:Oct 1, 1989
Previous Article:Tactics for combatting employee-related crime.
Next Article:London market clings to its old ways.

Related Articles
Bug bytes.
Mark Johnston: Comments on `lunatic` owners can be harmful.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters