E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: Southtown Star

Posted on February 22, 2008

      If your company hasn't addressed internal and external security of your computer systems, you are behind the times. It is estimated that 81 percent of all companies have had a data loss or an intruder hack into their systems. The cost of these security breaches runs about $181 per record.

      You need to secure people, processes and technology. Most security systems don't address all three of these. Five years ago, a simple firewall was enough, but it isn't anymore. You need firewalls, internal and external (to trap Trojans inside your network), intrusion detection and prevention, application scanners, anti-virus, anti-spam and an educated workforce.

      Unfortunately, sometimes people are helpful to each other. Access to your server room is prohibited, but you may be surprised at how easy it is to get to a file server. Once inside your office, a thief can pick up your server and carry it out. Your server should be secured and logged off.

      How about those backup tapes? If you value your information, they should not be left on top of the server. In a fire, you would lose your equipment and your backup.

      People also should not use simple words for their passwords. Most computer systems are available through the Internet, so accessing a person's ID and password may be possible through brute force.

      Your system should examine the logs of who logs in and where they are logging in from. I don't recommend you go to Starbucks and log in to your corporate computer system.

      You should standardize your processes and require the changing of passwords on a regular basis. Monthly or quarterly is a must. Tracking the storage in use by each person also is important. A spike in storage is a clue to finding a problem.

      Also, the date and times of system access should be noted because access in the middle of the night from a strange IP address could be a clue to a security breach. Log, log and log more. You must review the logs to make sure there are no anomalies.
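
The log review described above, as an added example that is not part of the original article: it flags logins made outside business hours or from addresses outside the office network. The log format, the sample lines, the 10.0.0.0/16 office range and the 07:00-19:59 business hours are all assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime

# Constructed sample log (timestamp, user, source IP); not data from the article.
SAMPLE_LOG = """\
2008-02-19T09:14:02 alice 10.0.4.21
2008-02-19T13:40:55 bob 10.0.4.37
2008-02-20T02:47:10 alice 203.0.113.45
2008-02-20T03:05:31 bob 10.0.4.37
2008-02-20T10:22:18 carol 198.51.100.7
not a log line
"""

# Assumed policy values: adjust to your own networks and working hours.
KNOWN_NETWORKS = [ipaddress.ip_network("10.0.0.0/16")]
BUSINESS_HOURS = range(7, 20)  # 07:00 through 19:59 local time


def parse_line(line):
    """Return (datetime, user, ip) or None when the line is malformed."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        when = datetime.fromisoformat(parts[0])
        return when, parts[1], ipaddress.ip_address(parts[2])
    except ValueError:
        return None


def review(log_text):
    """Return (line_no, user, reasons) for every login worth a second look."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        record = parse_line(line)
        if record is None:
            # A line that cannot be read is itself an anomaly to check.
            findings.append((line_no, None, ["unparseable"]))
            continue
        when, user, ip = record
        reasons = []
        if when.hour not in BUSINESS_HOURS:
            reasons.append("off-hours")
        if not any(ip in net for net in KNOWN_NETWORKS):
            reasons.append("unfamiliar-ip")
        if reasons:
            findings.append((line_no, user, reasons))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

A login that trips both checks, such as the 02:47 entry from an outside address, is the one to investigate first.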

      Finally, you need to secure your technology. This means doing your security updates regularly. Some people have never updated their application software.

      You need to make sure your Web browser is up to date and your office software is up to date. If it isn't, you are leaving a hole open in your technology.

      Securing your technology is the easiest task ahead of you. Securing your people and processes is more difficult. Start with reminders: e-mails and expiring passwords send a great message to the employees that you are concerned with security. Adding swipe systems for access to your office or your server room is another way to show your company that security is very important.

      Training is another important aspect of securing your system. Being educated on the types of hacks and cracks in the general public helps your internal security staff learn what security measures should be taken.

      Finally, you should rename your administrator account and have two securely named administrator accounts that are available only to the people who need them.


E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.
