MY home PC recently went kaput, leaving me bereft of internet connection for days as I looked around for a solution, writes business editor David Tooley.
The experts who got to look at my desktop told me I had been hit by keylogging trojans.
That is, nasty files from crooks intent on nicking my details. Luckily, I haven’t lost any money... yet.
I was told even the best security wasn’t a 100 per cent guarantee. So I’ve changed passwords, installed new anti-virus software and made sure my firewall is up to date.
For me, a few days offline felt debilitating. But for a business it could have spelled disaster.
The loss of sensitive or critical information may damage a reputation that has taken years to establish. A positive reputation may be impossible to restore.
Companies rely more and more on IT to support activities and they are vulnerable to threats from hackers, viruses and even staff.
But having a well thought out and implemented security policy can help businesses control and secure information from malicious changes and deletions or from unauthorised disclosure.
And in case things go belly up it’s vital to have a continuity plan in place. And also insurance to cover at least some of the costs.
Deliberate hacking can be the most severe threat. Hackers may try to access sensitive data then alter, destroy or copy it, with disastrous consequences.
Websites can be altered to damage reputation or direct customers to other sites. Then there’s fraud after hackers gain access to financial details.
Employees and hackers may unintentionally or maliciously compromise data and apps.
Business Link says one of the biggest causes of security breaches at work is the mishandling of log-in details or passwords by employees.
Viruses are often contained in email attachments, often as ‘.exe’ or ‘.scr’ files. They can also be picked up when visiting malicious websites.
Viruses can also be transferred between computers via infected USB flash drives and other external media such as infected CDs.
Another risk can come from the use of social networking sites. Hackers add links in posts that take people to dangerous websites.
Businesses needn’t be defenceless. As a minimum, there should be a properly configured firewall for your internet connection. Then there’s virus, spyware and email attachment content scanners. It may be worth restricting the use of USB flash drives.
The British Standards Institution has information on security management best practice. It may also be worth investing in awareness training for employees. But if the worst happens, consider a continuity plan, which I didn’t need but your business could depend on.