
Managing IT threats.

Many CPAs have learned the hard way that security technology alone can't protect a computer network. Computer users perform common tasks every day that can compromise the security of their computers and networks.

Leaving employees uninformed about security issues can expose a business to unnecessary risks that may impact corporate revenue and work force productivity--harsh consequences for CPAs who regularly rely on computers to perform their jobs.

Many people who think they are protected remain at risk, and computer users must be aware of common security mistakes--and take measures to avoid them.


We take e-mail for granted. Many can't remember life without it. Yet e-mail, especially through message attachments, is a common way to spread viruses and one of the biggest computer security threats.


If an employee opens unsolicited e-mail attachments or does not scan attached documents for viruses before opening them, a computer or network becomes vulnerable to attack. One of the easiest precautions to take is to warn employees against opening e-mails or attachments from unexpected or unrecognizable sources.

In addition, antivirus software should be installed on each computer and updated frequently to ensure protection against the latest security threats. Installing Internet security technologies also can provide e-mail screening capabilities to filter out spam that may contain viruses and other threats.


The Internet has become a means of survival in the business world, yet computers with constant DSL or cable Internet connections are particularly susceptible to hackers. This constant connection to large amounts of bandwidth allows for easier outside access to unprotected computers and networks.

Firewalls can block unauthorized access to a computer and prevent information from leaving a computer. In addition, intrusion detection software can alert the computer user when an attempt is being made to gain access to the computer and its information.

Even innocent Internet surfing, such as checking the day's news headlines, increases security risks by increasing the possibility of exposure to unsecured websites that use ActiveX or Java computer languages. While many websites employ these languages, most larger and more popular sites take necessary security measures to protect visitors against hacker attempts.

However, if a computer user stumbles upon an unsecured website, ActiveX or Java languages can be used to create malicious code that can communicate directly with the user's machine, giving hackers access to computer data and the entire network. To avoid this vulnerability, employees should refrain from browsing the Internet and visiting unfrequented websites not pertinent to business needs.


Instant messaging is an efficient and popular means of business communications, but repeated file transfers through IM programs can cause the spread of traditional threats.

IM systems were not designed with security in mind, so they lack encryption capabilities, which makes it easy for an outsider to eavesdrop on confidential conversations. Also, messages can bypass traditional corporate firewalls, making it difficult for administrators to control use inside an organization.

In addition, most IM systems have insecure password management, making them vulnerable to invaders who can pose as a familiar user or recognized associate to gain access to privileged information. A simple solution is to prohibit the use of IM.


Employees may receive more than they anticipate when downloading seemingly harmless files from peer-to-peer networks like Kazaa. Files on these networks sometimes contain a virus. These threats often can mask their file extensions as common music files. Employees must use caution when downloading music, free software or screen savers from unknown sources. File sharing programs also open a user's computer to spyware that allows the program author or other network users to see an employee's computer activity and use computer resources without the employee's knowledge.

The worst thing a company can do is have a false sense of security because it has taken some steps to secure its IT systems. Technology is an important part of any security program, but a program is only as strong as its weakest link. All it takes is one careless or uninformed computer user to open the company to risk.

Tom Powledge is director of product management for the Client and Host Security Division at Symantec Corp. You can reach him at
COPYRIGHT 2004 California Society of Certified Public Accountants

Article Details
Title Annotation:DataSecurity
Author:Powledge, Tom
Publication:California CPA
Geographic Code:1U9CA
Date:Aug 1, 2004