Five Steps to Better IT Security

Five Steps to Better IT Security

When the Georgia Tech Information Security Center (GTISC) released its list of emerging cyber threats for 2009, the news wasn’t good for companies that use computers in the course of business. Sophistication of threats continues to rise, says the GTISC, as do the number of cyber criminals who are seeking not only data and information, but also profitability from their activities.

In its report, the GTISC outlines the top cyber security areas where threats are expected to increase and evolve in the next 12 months. At the top of the list is malware (a program or file that is designed to specifically damage or disrupt a system); followed by botnets (networks of “zombie” computers controlled by a single entity); and cyber warfare (including targets on the U.S. economy and infrastructure).

The bad news is that these cyber threats can hit companies of all sizes that do business online, whether they’re selling products and services, purchasing raw goods, banking on the Web, or all of the above. The good news is that there are steps that companies can take to ward off and/or minimize the damage inflicted by online crooks:

Evaluate Your Vulnerabilities
No matter how big or small your company is, know that there are indeed risks to doing business online. While a small accounting firm may not possess a huge database of customer credit card numbers, be assured that its IT system contains something of value to hackers. “Figure out what you need to protect,” advises Michelle Drolet, CEO at Towerwall, a Framingham, Mass.-based security consultancy. Key areas to consider include intellectual property, employee data and company financials — all of which could be of value to cyber-crooks looking to make money online.

Establish Best Practices
Once you’ve figured out what would be of most value to a criminal, you’ll want to use tools such as firewalls, software patch updates, employee education, and strong company policies to protect the data, information, and systems associated with those particular areas. For some companies, best practices could mean implementing a firewall, adding an intrusion detection system, and keeping both updated, while other firms may need a more sophisticated approach to IT security, Drolet says. As you establish these practices, realize that computer users tend to be the weakest link in any security program, with their propensity to open e-mail messages from unknown sources and utilize overly simple passwords. “Put together a user awareness program that takes into account not only the protection of company systems via frequent scans for malware and botnets, but that also addresses issues like document shredding and protection of customer data,” Drolet says.

Make Security a Priority
Yes, we know you have a 100 other things on your to-do list, but adding online security to that list is a must do for all companies right now, says Steve Hurst, product director for AT&T Managed Security Services in Bedminster, New Jersey. Start by viewing security not as an afterthought, but as part of your