stty consulting › our future
Information & Systems Risk :: page 2
Technology
The main technology related risks are:
Breaches in established defences, poor configuration without risk analysis
Sabotage of data or systems, malicious software
The following actions will help reduce the potential impact of these risks.
Keep up-to-date checks in place for malicious programs, like viruses and spyware. Screen email leaving the business, and coming in. Keep firewalls up to date with a practical schedule of checks and ensure that automatic anti-virus and spyware updates haven't been switched off.
Protect important equipment with surge protectors, uninterruptible power supplies, and, for equipment your business cannot operate without, consider a stand-by power supply or generator.
If you know about a weakness or vulnerability in your IT systems, don't ignore it - find out what you can do to reduce the risk and make sure defences are implemented and maintained.
Make regular back-ups that reflect the frequency of change and the importance of information stored on your business computers. Test that original information can be retrieved from the back-ups.
Use sufficiently strong passwords and change them regularly. Never click 'remember me' or 'remember me on this computer' features. Keep security tokens separate from machines.
Encrypt information with technology appropriate to its sensitivity and value.
Install physical security devices on critical system equipment.
If you don't use a facility, close or delete it. Close unused firewall ports. Make sure the default policy on all computer facilities is disabled. Disable guest accounts.
Never underestimate how attractive laptops, mobile phones and PDAs are. But consider even more carefully how valuable the information stored on them could be. Keep mobile devices with you, or locked up. Encrypt what's important and make sure that passwords are set and comply with your password policy.
If you think that you have been a victim of e-crime - including misuse of your IT by anyone who has access to it - you may need a computer forensics service. Touch nothing - even switching on a PC or viewing a file will corrupt the evidence.
Physically remove sensitive information from laptops, including deleting 'cookies' regularly.
The links below provide additional information and resources:
Identifying and managing risks to your business
Keeping your systems and data secure
Securing your wireless systems
Securing your e-commerce systems
page 1 :: page 3