Information Security for SMEs
This article explores computer security, aiming to give
businesses an insight into why they must be proactive in
protecting their systems. There are many aspects to security on
the Internet and a lot has been made recently of the security of
e-commerce transactions. Whilst many of the security issues that
a website administrator faces are similar to those that your
business's computers are threatened with, this column will
concentrate on how and why you should secure your internal IT
investment.
The Internet in its current state is similar to a city with no
locks on the doors of its houses, where computers can be thought
of as houses and the networks making up the Internet, the city
streets. Computers as they are sold today are inherently
insecure, allowing access to anyone with a bit of curiosity or
malicious intent. As businesses come to rely more and more on
electronic information (not least e-mail), the potential
disruption caused by a data burglary, informational arson attack
or digital graffiti has reached a level that businesses should
not ignore.
The threat
Any computer on the Internet exposes a series of
ports through which information flows. By default these are all
open and unlocked. Whilst many of them may lead to empty rooms
or brick walls, an attacker will only need to find one port
vulnerable to attack for the whole system to be compromised.
Even if your ports are secure, intruders can get into your
computer in a Trojan horse. A piece of software disguised as
something useful can contain a malicious sub-program to install
a backdoor into your system. Often these programs claim to give
something for free or display small games whilst an attacker has
a good nose around.
One of the most worrying developments has been the proliferation
of automated attacks. These can be run from an attacker's
computer, scanning hundreds or thousands of computers in a day,
or can take the form of a self-replicating Internet worm. Worms
are a hybrid of virus programs and computer security attacks. In
worst-case
scenarios, they can bring whole segments of the Internet to a
standstill.
When we drive a car we are accepting and using a set of
standards that have evolved since the turn of the century to
ensure safety, convenience and fair access for all users of the
road system. Some of these standards are globally accepted (for
instance a road is made from tarmac and wheels are made from
rubber) whilst others vary from country to country (for example
if we drive on the left or the right). The practical upshot of
these standards is that a car designed and built for use in one
country can be safely used in another (possibly with a little
bit of inconvenience).
The aftermath
Attacks on your information can be carried out for reasons as
varied as those for which an arsonist burns things, a robber
steals things or kids spray-paint walls. An electronic attack could
leave you with no data (imagine losing your accounts the day
before your filing date), data that has been altered in subtle
ways (imagine your accounts with 10% taken off each figure), a
website that is 'owned' by a teenager in another country or an
office full of computers that no longer do the job for which
they were intended.
Almost worse than losing all your data (because we know you keep
a regular backup), is having your system infected with a worm
program. In some cases this can leave your computer unknowingly
sending an attack the way of all your contacts. Alternatively,
your computer could be under the complete control of a
third party, who is using your processor, memory and hard-disk
for their own purposes.
What can I do to stop it?
Just as it is not the council's
responsibility to stop burglars coming down your street, in the
UK there is very little responsibility on ISPs to prevent
attacks. If your systems are not locked (with firewall
software), alarmed (with an intrusion detection system) and
insured (by taking a daily backup) you have no-one to blame but
yourself.
There are three pieces of software that every business needs to
at least consider. I cannot over-emphasise the need for an
up-to-date virus scanning program. Most reputable products will
scan for and remove some Internet worms and some Trojan horses;
however, they will not detect other types of attack. For those
attacks a good firewall package is essential. Installing one of
these programs is akin to fitting locks to your doors and
windows. Finally, an intrusion detection system (IDS) is similar
to an alarm system, warning you of a potential attack.
In my opinion all businesses should have a solid anti-virus
policy as well as a good firewall. Whichever solution you choose
at the end of the day, you must fully understand its
capabilities or it will be as effective as not having anything
at all.
Keep an eye on patches
Most electronic attacks exploit a mistake
in the program code of the software you use. Responsible
software vendors will issue a 'patch' that resolves each issue
as soon as it is brought to their attention. You will find that
many software companies have e-mail lists that you can subscribe
to in order to be notified of new problems and patches.
This patching mechanism makes up the software industry's
response to the hacker community. If you are applying your
patches diligently, the security of your computer systems depends
on how far ahead either side is. It is therefore good practice
to have a complete security audit of your systems by an external
consultant twice a year or more often if you rely heavily on
your data.
It won't happen to me
Your business network is constantly being
probed by hackers on the Internet looking for ways into your
data. Most attacks occur without the user even knowing that a
system is compromised. Our systems at FWOSS get probed three or
four times a week, so our firewall is invaluable in ensuring
they get no further.
What can I do in the case of an attack?
Of course your regular
backup provides your ultimate safety-net, but as the effects of
different electronic attacks are so varied there are no hard and
fast rules to recovery.
It is very much a case of prevention being better than cure;
therefore you should think about installing an anti-virus
program, firewall and intrusion detection system. You should
keep a daily backup; check weekly whether your systems need patching;
and have a security audit bi-annually or more frequently.