Securing Your Company's Computer System

By David Bobart



Half of the hits an average company's web site receives are hackers or viruses trying to break into the web server. Most businesses don't view themselves as targets or understand that most of these attacks are indiscriminate. Prior to the Internet, most security risks were internal, and viruses were introduced through removable media like floppy disks and CD-ROMs. However, exposure to the Internet and its resources has made computer systems more susceptible to security threats. In today's market, businesses not only have to be aware of the potential threats posed by hackers and viruses, but must work to safeguard their computer systems before it's too late.

By damaging operating systems and applications, impacting networking and e-mail systems and limiting data accessibility, viruses can prove detrimental to your business's computer systems. More complex computer systems are statistically more likely to fall victim to hacking, as are applications involving human resources and payroll. Individuals who have remote access to your system and telecommuters can also increase your company's potential threat. Your business should have a security policy in place to handle potential issues.

A security policy should begin with an assessment of the potential risk posed to your business's computer systems. Ask questions to determine the value of your information and your liability if someone accessed that information. Does your system contain financial information? Information that could lead to identity theft? Information about individual property rights? Legally confidential employee information? Information that would violate new HIPAA guidelines? The more valuable the information in your computer system could be to a potential hacker, the more vulnerable your system is to an attack.

A firewall between the network and the Internet that restricts inbound and outbound traffic will decrease the security risk posed to your computer system. Additionally, anti-virus software should be installed on every computer. The software must have an aggressive configuration and be updated continually. Your company's computer system should be backed up on a daily basis, with a copy of the backup tapes stored at an offsite location.

Securing your company's computer systems takes a commitment of time and resources. If you have an IT department, it should be responsible for maintaining and updating your security systems. If not, assign a staff member the responsibility of tracking the maintenance of software, including anti-virus updates, and reviewing the security log information. However, because of the complex nature of Internet security issues and the constantly evolving technology, securing your business's computer systems can require significant expertise.

Inexpensive resources are available online at securityfocus.com or sans.org. More reliable security provisions are available by outsourcing to Internet security companies. A private company will perform an audit of your computer and network systems and work to build a security infrastructure with operations and maintenance plans. Recommendations for the purchase of security software will be made and security functions, including intrusion detection and firewall monitoring, are performed. Because web security involves many facets, including application software, operating system security and network technology as well as an ongoing process of monitoring and software maintenance, businesses that are more vulnerable to potential threats should consider using a company that specializes in web security.



David Bobart is president and co-founder of DMA Technologies. Founded in Baltimore in 1995, DMA Technologies provides a full range of information security services and custom web application development. He can be reached at 410-323-2279.