Read Bennett Gold LLP's privacy policies and practices regarding this web site.
LINK TO: Bennett Gold LLP's Privacy Policies and Practices. E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


BEWARE THE SECURITY ENEMY WITHIN

Source: Vnunet.com

Posted on June 16, 2001

      Why is it that, when four out of five IT-related crimes are committed from within an organization, most companies still believe that the only threat comes from faceless hackers and virus writers? External threats should be taken seriously, and protection put in place, but nobody knows your security loopholes better than your employees.

      Despite their common occurrence, internal security breaches go largely unreported. What company wants to publicize that sensitive information has been accessed from within? Employees understand in detail how their organization's systems work. If someone has access to passwords they also have access to confidential information.

      An expert can also exploit software loopholes or weaknesses to introduce viruses or gain access, or use hacking tools designed for Denial of Service, intrusion or password cracking to cause mayhem. Employees can unwittingly open a company's innermost secrets through sheer carelessness, and the most damaging viruses have spread because people open email attachments.

      Another problem is remote workers turning off security protection on laptops. Intrusion detection, antivirus software, firewalls, network scanning, encryption and triple A can be employed to provide an effective and co-ordinated set of defences. It is important to create security zones with varying access rights.

      Passwords and policies need to be changed regularly, and for really sensitive information it is worth considering physical measures such as restricted areas, card keys and biometrics. However, companies need to ensure that the security measures taken are appropriate -- don't spend vast amounts of money protecting worthless data.

      Even the most comprehensive security system is a waste of money without a clear security policy and culture. Attitudes to employee email and Internet abuse are often lax and this can lead to internal security breaches. Staff must be vigilant and aware of potential dangers.

      Internal breaches, whether malicious or careless, should be dealt with according to a disciplinary code laid out in an employee's contract. Security must be top of the agenda when mapping out company policy.




CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.


ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold Chartered Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.