Information Security for SMEs

This article explores computer security, aiming to give businesses an insight into why they must be proactive in protecting their systems. There are many aspects to security on the Internet and a lot has been made recently of the security of e-commerce transactions. Whilst many of the security issues that a website administrator faces are similar to those that your businesses computers are threatened with, this column will concentrate on how and why you should secure your internal IT investment. The Internet in its current state is similar to a city with no locks on the doors of its houses, where computers can be thought of as houses and the networks making up the Internet, the city streets. Computers as they are sold today are inherently insecure, allowing access to anyone with a bit of curiosity or malicious intent. As businesses come to rely more and more on electronic information (not least e-mail), the potential disruption caused by a data burglary, informational arson attack or digital graffiti has reached a level that businesses should not ignore The threat Any computer on the Internet exposes a series of ports through which information flows. By default these are all open and unlocked. Whilst many of them may lead to empty rooms or brick walls, an attacker will only need to find one port vulnerable to attack for the whole system to be compromised. Even if your ports are secure; intruders can get into your computer in a Trojan horse. A piece of software disguised as something useful can contain a malicious sub-program to install a backdoor into your system. Often these programs claim to give something for free or display small games whilst an attacker has a good nose around One of the most worrying developments has been the proliferation of automated attacks. These can be run from an attacker's computer, scanning hundreds or thousands of computers in a day; or can be the self-replicating Internet worm. These are a hybrid of virus programs and computer security attacks. In worst-case scenarios, they can bring whole segments of the Internet to a standstill. Attacks on your information can be carried out for as varied reasons as an arsonist burns things, a robber steals things or kids spray-paint walls. An electronic attack could leave you with no data (imagine losing your accounts the day before your filing date), data that has been altered in subtle ways (imagine your accounts with 10% taken off each figure), a website that is 'owned' by a teenager in another country or an office full of computers that no longer do the job for which they were intended. When we drive a car we are accepting and using a set of standards that have evolved since the turn of the century to ensure safety, convenience and fair access for all users of the road system. Some of these standards are globally accepted (for instance a road is made from tarmac and wheels are made from rubber) whilst others vary from country to country (for example if we drive on the left or the right). The practical upshot of these standards is that a car designed and built for use in one country can be safely used in another (possibly with a little bit of inconvenience). The aftermath Attacks on your information can be carried out for as varied reasons as an arsonist burns things, a robber steals things or kids spray-paint walls. An electronic attack could leave you with no data (imagine losing your accounts the day before your filing date), data that has been altered in subtle ways (imagine your accounts with 10% taken off each figure), a website that is 'owned' by a teenager in another country or an office full of computers that no longer do the job for which they were intended. Almost worse than losing all your data (because we know you keep a regular backup), is having your system infected with a worm program. In some cases this can leave your computer unknowingly sending an attack the way of all your contacts. Alternatively, your computer could be under the complete control of a third-party, who is using your processor, memory and hard-disk for their own purposes. What can I do to stop it? Just as it is not the councils responsibility to stop burglars coming down your street, in the UK there is very little responsibility on ISPs to prevent attacks. If your systems are not locked (with firewall software), alarmed (with an intrusion detection system) and insured (by taking a daily backup) you have no-one to blame but yourself. There are three pieces of software that every business needs to at least consider. I cannot over-emphasise the need for an up-to-date virus scanning program. Most reputable products will scan for and remove some Internet worms and some Trojan horses; however they will not detect other types of attack. For those attacks a good firewall package is essential. Installing one of these programs is akin to fitting locks to your doors and windows. Finally an intrusion detection system (IDS) is similar to an alarm system, warning you of a potential attack. In my opinion all businesses should have a solid anti-virus policy as well as a good firewall. Whichever solution you choose at the end of the day, you must fully understand its capabilities or it will be as effective as not having anything at all. Keep an eye on patches Most electronic attacks exploit a mistake in the program code of the software you use. Responsible software vendors will issue a 'patch' that resolves each issue as soon as it is brought to their attention. You will find that many software companies have e-mail lists that you can subscribe to in order to be notified of new problems and patches. This patching mechanism makes up the software industry's response to the hacker community. If you are applying your patches diligently, the security of your computer systems depend on how far ahead either side is. It is therefore good practice to have a complete security audit of your systems by an external consultant twice a year or more often if you rely heavily on your data. It won't happen to me Your business network is constantly being probed by hackers on the Internet looking for ways into your data. Most attacks occur without the user even knowing that a system is compromised. Our systems at FWOSS get probed three or four times a week, so our firewall is invaluable in ensuring they get no further. What can I do in the case of an attack? Of course your regular backup provides your ultimate safety-net, but as the effects of different electronic attacks are so varied there are no hard and fast rules to recovery. It is very much a case of prevention being better than cure; therefore you should think about installing an anti-virus program, firewall and intrusion detection system. You should keep a daily backup; check if your systems need patching weekly; and have a security audit bi-annually or more frequently.