stty consulting › our future

Information & Systems Risk :: page 2


The main technology-related risks are:

Breaches in established defences, poor configuration without risk analysis

Sabotage of data or systems, malicious software

The following actions will help reduce the potential impact of these risks.

Keep up-to-date checks in place for malicious programs, like viruses and spyware. Screen email leaving the business, and coming in. Keep firewalls up to date with a practical schedule of checks and ensure that automatic anti-virus and spyware updates haven't been switched off.

Protect important equipment with surge protectors, uninterruptible power supplies, and, for equipment your business cannot operate without, consider a stand-by power supply or generator.

If you know about a weakness or vulnerability in your IT systems, don't ignore it - find out what you can do to reduce the risk and make sure defences are implemented and maintained.

Make regular back-ups that reflect the frequency of change and the importance of information stored on your business computers. Test that original information can be retrieved from the back-ups.

Use sufficiently strong passwords and change them regularly. Never click 'remember me' or 'remember me on this computer' features. Keep security tokens separate from machines.

Encrypt information with technology appropriate to its sensitivity and value.

Install physical security devices on critical system equipment.

If you don't use a facility, close or delete it. Close unused firewall ports. Make sure the default policy on every computer facility is to deny access unless it has been explicitly enabled. Disable guest accounts.
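As an added example (not part of this page or the consultancy's own material), a short Python audit of two of those checks, run against constructed samples of `iptables -S` and `ss -tlnH` output embedded below; the allow-list of required ports is an assumption standing in for a business's own list of services it genuinely needs reachable:

```python
"""Audit firewall default policies and listening ports against the
'close what you don't use' rule. The two samples below are constructed for
this example, not captured from a real host."""
import re

# Constructed sample of `iptables -S` output: policy lines plus two rules.
IPTABLES_DUMP = """\
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
"""

# Constructed sample in the shape of `ss -tlnH`: state, recv-q, send-q, local, peer.
SS_LISTENING = """\
LISTEN 0 128 0.0.0.0:22    0.0.0.0:*
LISTEN 0 128 0.0.0.0:443   0.0.0.0:*
LISTEN 0 50  0.0.0.0:3306  0.0.0.0:*
LISTEN 0 5   127.0.0.1:631 0.0.0.0:*
"""

# Assumed allow-list: the only services this business needs reachable.
REQUIRED_PORTS = {22, 443}

def chains_not_default_deny(dump: str) -> list[str]:
    """Return built-in chains whose default policy is anything other than DROP."""
    return [m.group(1) for m in re.finditer(r"^-P (\w+) (\w+)$", dump, re.M)
            if m.group(2) != "DROP"]

def unexpected_listeners(ss_output: str) -> list[int]:
    """Return ports listening on non-loopback addresses that are not on the allow-list."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        addr, port = fields[3].rsplit(":", 1)
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback-only services are not exposed to the network
        if int(port) not in REQUIRED_PORTS:
            found.append(int(port))
    return sorted(found)

def audit(dump: str = IPTABLES_DUMP, ss_output: str = SS_LISTENING) -> dict:
    """Summarise findings; an empty dict means both checks passed."""
    findings = {}
    chains = chains_not_default_deny(dump)
    if chains:
        findings["chains_without_drop_policy"] = chains
    ports = unexpected_listeners(ss_output)
    if ports:
        findings["unexpected_listening_ports"] = ports
    return findings

if __name__ == "__main__":
    for key, val in audit().items():
        print(f"{key}: {val}")
```

On the samples above the audit flags INPUT and OUTPUT as lacking a DROP policy and port 3306 as an exposed service outside the allow-list; the loopback-only port 631 is ignored.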

Never underestimate how attractive laptops, mobile phones and PDAs are to thieves. But consider even more carefully how valuable the information stored on them could be. Keep mobile devices with you, or locked up. Encrypt what's important and make sure that passwords are set and comply with your password policy.

If you think that you have been a victim of e-crime - including misuse of your IT by anyone who has access to it - you may need a computer forensics service. Touch nothing - even switching on a PC or viewing a file will corrupt the evidence.

Physically remove sensitive information from laptops, including deleting 'cookies' regularly.

The links below provide additional information and resources:

IT security: the basics

Identifying and managing risks to your business

Keeping your systems and data secure

Securing your wireless systems

Securing your e-commerce systems
