Assess e-info vulnerabilities

Daily Newsletters

Sign up to ZDNet UK's daily newsletter.

ANALYSIS
No matter whether a security breach is due to an industrial spy, a clever hacker, or, more likely, a hostile or careless employee, in seconds intellectual property and confidential records can be pilfered, communications severed, and data corrupted -- leaving your company exposed to legal and financial liabilities from which it might never recover. To avoid that predicament, Sanford Sherizen, president of Data Security Systems and an expert on electronic information protection and computer crime prevention, suggests that CIOs sit down with internal information security staff to determine whether the company has adequate information protection in place. "The dialogue has to take place at the C-level," explained Sherizen. "I find that a lot of senior managers are quite concerned about [information] security, but they don't know how much is necessary or appropriate before the company can feel safe." Ask these five questions to find out how well your company's information is protected, and follow the tips to ensure that security efforts stay on track. 1. What is being done to protect confidential information from deliberate or inadvertent electronic dissemination?
You need to know what security measures are in place to control the electronic dissemination of company confidential information. This includes everything from customer records and intellectual property to shareholder information, financial documents, and business plans. With a mobile workforce and tight integration with business partner operations, remote access to a company's systems is now commonplace. One good security component, according to Sherizen, is security information awareness training. Determine what, if any, security employee training and programs have been established. The best training approach, according to Sherizen, is one that relates corporate security to home security so that employees can easily understand the corporate issues. "If your employees work outside of the office at night or weekends," said Sherizen, "do you know if your company has established adequate information security rules that must be followed in their homes? If the answer is no, your company may be open to viruses and information leaks." Even major companies like Raytheon, a military equipment contractor based in Massachusetts that likely has a strong internal security program, haven't been immune. An article in the September/October 2000 issue of Group Computing reported that Raytheon sued 21 people for revealing trade secrets in Internet chat rooms. Most were employees at the time of the indiscretion. One technology available to address IM security is messaging filters. Filters can be applied by a corporate set of rules and by lexical analysis of key words and phrases. As the CIO, you must know what's been done -- or not done -- via both technology and policies. 2. What, if any, anti-spam measures are in place?
Know what safeguards are being put in place to ensure network uptime and responsive e-mail delivery to employees, customers, and business partners. If your company engages in service-level agreements that are based on the timely flow of communication, failing to meet contractual obligations often carries stiff penalties. The long-term ramifications of network degradation could be termination of the service contract and loss of future business. Spam can obviously impact SLAs and network flow. Here too, employee education is key. Management must articulate policies regarding spam and internal junk mail. Senders, recipients, and administrators need to understand the havoc that frivolous messages can wreak on vital network performance -- and the long-term repercussions of subpar response times. For example, Bill Fallon, vice president of EasyLink Services, which operates an outsourced e-mail security service called Mailwatch, suggests that companies examine e-mail security systems for protection against oversized electronic greeting cards, which are capable of shutting down an e-mail system. Hoaxes and online social demonstrations ("send an e-mail to protest X") are another area of concern, points out Graham Cluley, senior technology consultant for Sophos, which specialises in antivirus protection. PC users tend to send them to all their contacts in the mistaken belief that they are doing good. "In reality," said Cluley, "these actions waste bandwidth, clog up e-mail servers, and spread disinformation." He recommends that firms instruct employees to send all such e-mails to a single, nominated IT support person who will be responsible for checking out whether the threat is real instead of sending the e-mail to everyone. Proactive identification of spam is critical. IT systems need to be able to detect and block known spam sites and internal junk mail before it replicates and clogs the network. Information security staff must aggressively search out offending sites on a regular basis to keep the list current. Another preventative measure is to automatically block certain file attachments by size, type, structure, user, or domain. CIOs need to ask what's being done, what's not, and why.

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your ZDNet UK account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

Get ZDNet UK's daily newsletter

Enter your email address to sign up

ZDNet UK Live

PatrickG

openhgs has made the point for Windows 8 multiple monitors without realising it! With Windows 7 you have to switch the mouse and so your focus...

36 minutes ago by PatrickG on Windows 8 could speed multi-monitor uptake
Leslie Satenstein

Mozilla has threatened to stop supporting Linux. I guess that UBUNTU is going with another browser. I indicated that if Mozilla stops supporting...

2 hours ago by Leslie Satenstein via Facebook on Firefox rapid release improves Fedora Linux
Andy Bolstridge

Much as I abhor Microsoft's licensing practices, this is almost certainly down to purchasing IT equipment via 3rd party consultants - you get the...

2 hours ago by Andy Bolstridge via Facebook on 6 million wasted licences and £1,200 PCs: welcome to government IT
Jack Schofield

@openhgs Windows users have had multiple desktops since Linus started writing Linux. They just haven't shipped as standard because not enough...

19 hours ago by Jack Schofield on Windows 8 could speed multi-monitor uptake
Jack Schofield

@Phil at Cloud4 What, Microsoft gets £1,200 per PC and £1,622 per server? Gosh, I'm amazed....

19 hours ago by Jack Schofield on 6 million wasted licences and £1,200 PCs: welcome to government IT
craigsc

You guys have no idea what is going on at Autonomy. Autonomy could have been a much more profitable organization. The sales operations at Autonomy...

20 hours ago by craigsc on HP cuts 27,000 staff as Autonomy chief Lynch leaves
Moley

How does this impact on dual or multi booting? Seems to me to more or less prohibit this, from Windows 8 anyway. Will Grub 2 recognise Windows 8,...

21 hours ago by Moley on Windows 8 start-up speed forces USB boot workaround
apexwm

I don't understand why there cannot be a slight pause during the boot process so the user can press a key. Many operating systems do this, even if...

22 hours ago by apexwm on Windows 8 start-up speed forces USB boot workaround
Gavin Goodman

You can now buy the Xi3 modular computer in the UK at http://www.ocdistribution.com . This can be bought with the Tand3m software, pricing and...

22 hours ago by Gavin Goodman on CES 2012: Xi3 microSERV3R
Phil at Cloud4

I agree: Mike Lynch can clearly build a business and manage strategy. I suspect the exit of Mike is more likely the end of a planned handover...

1 day ago by Phil at Cloud4 on HP cuts 27,000 staff as Autonomy chief Lynch leaves
Phil at Cloud4

This is unbeleivable government wastage with only one winner... Microsoft 1 - Tax payer Nil!

1 day ago by Phil at Cloud4 on 6 million wasted licences and £1,200 PCs: welcome to government IT
Mispam

So what do you do when you can't boot into windows? Why can't I just hold Shift while I power up instead of having to boot into windows and click a...

1 day ago by Mispam on Windows 8 start-up speed forces USB boot workaround
apexwm

I've also seen that Mac OS X for Intel machines is supposed to run in VirtualBox, which would also be a nice solution. I've never tried it though.

1 day ago by apexwm on xTreme Triple Booting: Linux, Mac & Windows
dave heasman

What I wonder is why when companies are caught bang to rights in not providing contracted services, people bend over to smear the customers? Surely...

1 day ago by dave heasman on Virgin throttles broadband for high-speed customers
pjc158

Strange statement from HP regarding Mike Lynch and not capable of scaling a company. Autonomy was a $7bn purchase which started as a small company...

1 day ago by pjc158 on HP cuts 27,000 staff as Autonomy chief Lynch leaves
lojolondon

Or - possibly, they will destroy business by ensuring people do not invest where there is no return. Another socialist idea, well beyond it's...

1 day ago by lojolondon on Open Data Institute will act as biz incubator
J.A. Watson

Good stuff Jake, very interesting. Thanks. jw

1 day ago by J.A. Watson on xTreme Triple Booting: Linux, Mac & Windows
openhgs

"the cost of a second LCD screen is about the same as one day of an office worker's time, so this should soon be recouped in extra productivity."...

1 day ago by openhgs on Windows 8 could speed multi-monitor uptake
Thomas Gellhaus

I also installed the KDE version; I also will probably try out razorqt since I really haven't had a chance to before. I'm looking forward to the...

2 days ago by Thomas Gellhaus via Facebook on Mageia 2 Released
francisabigail

Acquiring when reinvention/cannibalization is too challenging for a large organization can be an excellent strategy- still, so many mergers stumble...

2 days ago by francisabigail on Ariba buy parks SAP on Oracle's cloud turf