Managing IT threats.
Leaving employees uninformed about security issues can expose a business to unnecessary risks that may impact corporate revenue and work force productivity--harsh consequences for CPAs who regularly rely on computers to perform their jobs.
Many people who think they are protected remain at risk, and computer users must be aware of common security mistakes--and take measures to avoid them.
We take e-mail for granted. Many can't remember life without it. Yet e-mail, especially through message attachments, is a common way to spread viruses and one of the biggest computer security threats.
If an employee opens unsolicited e-mail attachments or does not scan attached documents for viruses before opening them, a computer or network becomes vulnerable to attack. One of the easiest precautions to take is to warn employees against opening e-mails or attachments from unexpected or unrecognizable sources.
In addition, antivirus software should be installed on each computer and updated frequently to ensure protection against the latest security threats. Installing Internet security technologies also can provide e-mail screening capabilities to filter out spam that may contain viruses and other threats.
The Internet has become a means of survival in the business world, yet computers with constant DSL or cable Internet connections are particularly susceptible to hackers. This constant connection to large amounts of bandwidth allows for easier outside access to unprotected computers and networks.
Firewalls can block unauthorized access to a computer and prevent information from leaving a computer. In addition, intrusion detection software can alert the computer user when an attempt is being made to gain access to the computer and its information.
Even innocent Internet surfing, such as checking the day's news headlines, increases security risks by increasing the possibility of exposure to unsecured websites that use ActiveX or Java computer languages. While many websites employ these languages, most larger and more popular sites take necessary security measures to protect visitors against hacker attempts.
However, if a computer user stumbles upon an unsecured website, ActiveX or Java languages can be used to create malicious code that can communicate directly with the user's machine, giving hackers access to computer data and the entire network. To avoid this vulnerability, employees should refrain from browsing the Internet and visiting unfrequented websites that are not pertinent to business needs.
Instant messaging is an efficient and popular means of business communications, but repeated file transfers through IM programs can cause the spread of traditional threats.
IM systems were not designed with security in mind, so they lack encryption capabilities, which makes it easy for an outsider to eavesdrop on confidential conversations. Also, messages can bypass traditional corporate firewalls, making it difficult for administrators to control use inside an organization.
In addition, most IM systems have insecure password management, making them vulnerable to invaders who can pose as a familiar user or recognized associate to gain access to privileged information. A simple solution is to prohibit the use of IM.
Employees may receive more than they anticipate when downloading seemingly harmless files from peer-to-peer networks like Kazaa. Files on these networks sometimes contain a virus. These threats can often disguise their file extensions as those of common music files. Employees must use caution when downloading music, free software or screen savers from unknown sources. File sharing programs also open a user's computer to spyware that allows the program author or other network users to see an employee's computer activity and use computer resources without the employee's knowledge.
The worst thing a company can do is have a false sense of security because it has taken some steps to secure its IT systems. Technology is an important part of any security program, but a program is only as strong as its weakest link. All it takes is one careless or uninformed computer user to open the company to risk.
Tom Powledge is director of product management for the Client and Host Security Division at Symantec Corp. You can reach him at Symantec@connectpr.com.
Date: Aug 1, 2004