Thursday April 23 2009

Use a credible system to secure your company's data

By Mike Segawa


Your company's secrets can run out of your office on cyberwings. What would you do if your BlackBerrys, iPhones and thumb drives go missing?

Mr. Thomas Bbosa, Managing Director of Bitwork Technologies, an IT systems integrator company based in Lugogo - UMA Show Grounds, says that the security of your company's data is a business concern rather than being just a technical issue.

For this reason he says that any serious business executive should prioritise this matter. He says however, most organisations have neither trained their staff or introduced safe mechanism to ensure that their organization are not caught pants down in case a catastrophe falls.

“Most companies, more so the SMEs, lack procedures and systems in place to protect their documents and data," he said, “data is an asset and it should be protected like the company's premises, cars, and any other assets."

Bbosa says that because humans, are considered as a major weakness in systems security, it is not enough to have a password and think the individual or company's information is safe. He quips that some people write down their passwords on sticky notes or give them out at will, others even use simple password like their spouse's or children's names that can easily be guessed, and also most organisation don't have controls over the usage of removable media like flashdisks, floppy disks etc.

Whereas every organisation makes effort to ensure its vehicles, premises, furniture and computer hardware are safe, very few pay the same or even more attention to the lifeline of the organisation data.

In today's information age, every company's business processes have some component of automation, thus transactions and business information are kept as soft data, but most management and custodians of this data, do less to ensure their safety.
In the wake of a flood, robbery or a deadly virus attack, most organisation may stay put as they may not have any back up to the data they had stored on their systems.

Bitwork Technologies, a company that specialise in information systems security, has a range of products that if put in place, can act as insurance in the wake of any threat to the company's data.

Bbosa says, putting in place sound security policies and systems like firewalls, anti-virus, anti-spam, end-point security for removable media etc... reduces the dangers of waking up one day when the company does not have its data in place. He adds that since, spammers, virus makers and hackers have made a multi-million industry in cyber crime, every organization should have a budget to put in place sound security systems.

Bbosa says that there are chances that one disgruntled staff could be selling your business secrets to your competitor, and he adds, it is possible to hold one accountable for their actions, with the use of computer systems which are already available on the market.

Hackers have made it their business to antagonise systems and online business and by extension, the data backbone of various organisations and this is where every organisation needs to be vigilant.

Bitwork technologies have introduced “do-it-yourself" programmes in which the company staff can be given security training awareness in how to look out for possible threats and boot them before they hurt the organisation.

On top of that, they supply I.T solutions that can protect the organization's cyber threats; these include Enterprise anti-spam systems, anti-virus solutions, data recovery solutions, endpoint device control solutions, firewalls, intrusion prevention and detection systems among others.

In order to curb security threats and fraud, Bbosa says that depending on the budget, organisations need to look at security from three layers, first is the physical security, that covers things like security guards, fences, locks, biometric systems etc.., the second facet which is usually ignored by many organisations is the dministrative security, that should include having a written security plan as part of the overall company strategic plan, conducting systems security awareness training, separation of duties, job rotations, mandatory vacations for staff among others . The last component is the technical security that deals with the logical implementation of technologies like anti-virus, anti-spam, and firewalls.

Some other organisations can also provide security to wireless communications, VoIP and IP telephony, Web servers and browsers and database servers.
Bbosa says that in case of banks, and other sensitive organisation, data leakage prevention (DLP) should be well streamlined. Data leakage prevention encompasses the tools that prevent accidental data leakage, including device and port control, encryption (both hard-drive and removable media encryption) and content inspection.

He says with the increase of portable storage devices in today corporate world, it is difficult for IT departments to be aware of every single device employees bring in the organisation that has connected or is connecting to the corporate network and even more importantly, what data they could be downloading.

A large majority of companies do not have strict policies for managing desktops and laptops, endpoint security solutions in place that log or block removable device connections to the network and Bbosa warns that the risk from the organisation's standpoint is that confidential corporate data is easily downloaded to and stored on the device, leaving sensitive data at risk if the device is lost or stolen.

“Every hard drive and portable storage device represents a risk if it contains data that could be used to harm, distress or embarrass a company, government or an individual," Bbosa says, and “that is where putting information security systems and procedures in place would ensure the company's data is safe."

Even if the data is lost or stolen, a well designed security policy and data recovery programme can help not only track down who is responsible but also ensure business continuity.