The importance of understanding internet security in modern business
In recent years, almost all companies, regardless of size, have come to rely on the Internet as a means of connecting with customers and maintaining contact with employees working away from the office. As computer systems have become ever more complex and businesses have increased their dependence on the Web in order to remain competitive. Unfortunately, there has been a similar growth in the incidence and sophistication of cyber crime.
Today, multinationals spend vast amounts of money on Internet security, yet even they occasionally fall victim to hackers. These people might be individuals who hold grudges or simply get a kick out of overcoming supposedly secure systems and spreading viruses, or organized criminal gangs intent on stealing personal financial information. Even the governments of certain countries have been found sponsoring teams of professional hackers.
The Internet has revolutionized the way companies connect with their customer base and even the smallest business now has access to a global market. Products such as cloud-based enterprise resource planning systems (ERP) are available to all; not too long ago ERP databases were so astronomically expensive to install and maintain that only the biggest corporations could afford them. In the not too distance future it seems that individuals and companies of all sizes will be taking what is seen as the final step, the complete integration of Internet, mobile communication devices and home and office control systems; the IoE (the Internet of Everything).
IoE promises much, yet it will still be vulnerable to attack by unscrupulous criminals who are intent on either causing mass disruption or making a financial gain at the expense of innocent law-abiding citizens. Fortunately, there are a number of simple steps that both individuals and businesses can take to protect themselves and their assets from such dangers.
Implementing ongoing staff training is an obvious place to start improving internet security. How many times have you been in an office and seen staff downloading music from questionable websites and you must have noticed passwords written on scraps of paper or post-it notes attached to monitors? Training at this level costs virtually nothing, but should result in a significant reduction in the volume of viruses your IT manager has to deal with and the number of security breaches experienced. The only way to change an employee’s attitude to IT security is by constantly reinforcing good practice.
IT is worthwhile establishing a small team, or even one person, to check the vulnerability of your company’s Internet security. The way this works is that a member of the team makes phone calls and sends simulated phishing emails designed to extract phone numbers or other information from employees.
Linking an employee’s performance evaluation to how closely he or she complies with your company’s IT security policy is becoming a more common practice. Another technique that is widely used is to block access to certain types of websites and to install data loss protection software to prevent sensitive information being transmitted via the Internet.
Install security systems
All your computers should have the latest version of web browser, operating system, and software security software installed. Of course, it is also essential to ensure updates and latest versions are installed as soon as they are released and to run a security scan immediately after any updates.
An Internet firewall should be installed on all computers, including those used by employees working remotely from the office or at home. Similarly, mobile devices, such as smartphones and tablets must be password protected; have security apps to prevent anyone accessing information when they are being used on public networks, and data should be encrypted.
Company Wi-Fi networks are vulnerable unless protected by SSID (Service Set Identifier) and router access should be password protected.
Provide user accounts for each employee and use personal passwords to restrict access to individual computers. Only specific employees should be authorized to install software and no single individual should have access to all databases.
One of the most important and frequently overlooked tasks relating to IT security is to perform backups on a regular basis. The automatic backup software is readily available or you may prefer to do it manually. Whichever solution you choose to be sure to take them at least every week and either store the backups in a fireproof safe or in an entirely separate location away from the office. Cloud based systems tend to take backups automatically and store them on remote servers.
Where you can have online dealing with your bank; for example when employee payments details are transmitted via the Internet, you are advised to use a separate computer specifically for that purpose. Additional security measures are likely to be insisted upon by the bank.
The Internet has changed the way we do business out of all recognition over the past 20 years and security systems have been developed to combat the risk of becoming the victim of cyber-crime. By being careful and taking a few simple precautions there is no reason why you and your company should not remain safe in the future.