“...Now more than ever, businesses need to be concerned about the security of their networks. The number, variety and strength of the threats to computer and network security have dramatically increased and businesses need to be prepared...”
So what is Information Security? Information Security can be defined as the protection of information systems against unauthorized access or modification and against denial of service to authorized users or the provision of service to unauthorized users.
So what new emerging security threats face businesses? Regardless of location or size all business conducts work on the internet and therefore they need to be aware of malware (malicious code) and attacks they are faced with in order to prevent their systems/network from being attacked. Traditional security providers such as MacAfee are focused on protecting computer applications. This is very important; however, it is not enough businesses need to keep a close eye on their employees’ activities on their computer networks. Today’s biggest threats are targeted at the emerging online lifestyle along with the most prominent emerging threats (viruses, worms etc.).
Malware is code installed without the permission or knowledge of the user (employees in the business) such as viruses, Trojans, logic bombs, worms and so on. Two years ago, Malware became one of the leading threats to network security. There have been a number of cases of targeted malware attacks against businesses which usually employ infected MS Office files. However, other techniques were used but this was the most common. As malware continues to grow and attacks become more sophisticated, businesses should be aware of all the possible attacks and how to prevent them and employees should know what to do in the event of an attack.
Mobile Devices is an area of concern for malware attacks. Security risks rise within business with the use of mobile devices. When using mobile devices businesses need to think smart and choose a mobile device with the best built in security controls and put a policy in place to only allow those devices on the network. The device should b e capable of encrypting stored information (providing you have chosen a device with good built in security controls). Each device should require authorisation and employers should ensure that passwords are strong passwords, strong passwords are easy to remember (therefore they don’t need to be recorded) but hard for an attacker to guess. Mobile devices should have the ability to remotely disable in case they are stolen or misplaced. Third party applications must be controlled on device platforms. Firewalls should be put in place to control the types of data that can be accessed in order to limit the exposure. Traffic should be tracked on mobile devices to look for attacks, use intrusion prevention software. Employees should be told to disable Bluetooth when they are not using it.
There are many more security threats facing businesses, especially as they grow with the use of new technologies. Businesses need to be aware of new and existing threats such as spyware, Trojans, worms, spam mail, phishing and many more. Every business should consider security integrated solutions which can be deployed and managed. Organisations can’t rely on basic network security anymore as the threats facing them are more sophisticate so therefore the security of the company needs to be more sophisticated. The security integrated in the organisation should be able to proactively determine where future threats are likely to arise and to ensure the whole network is secured.