Special Report on Business Computing: Accidents are more likely than infiltrators: With ease of use comes ease of access. Julia Newman reports on measures to protect systems

Click to follow
Indy Lifestyle Online
CURRENT computing philsophy is much to blame for breaches of security. With ease of use comes ease of access - which lays the system open to abuse.

The National Computing Centre estimates that poor IT security cost British companies pounds 1.1bn in 1991 - enough to persuade companies that security has now become a vital and everyday issue.

The buzzwords 'hacking' and 'virus' have fired the public imagination (and that of the press) but it is important to get things in proportion. The fact is that everyday perils such as accidental loss of data through human error, fire and power cuts pose a greater threat to most businesses than outside infiltration. The biggest single cause of computer downtime and loss of data is power failure. The first line of defence in security terms must always be for a company to ensure that it has regular and thorough back-up procedures.

Another essential measure in a 'fault tolerant' environment is to prevent the corruption or loss of data through power fluctuations. Uninterruptable power supply units provide a constant and even mains supply and battery back-up in the event of a power cut.

Hackers and viruses are costly nuisances (the National Computing Centre has reported that the average cost of a diagnosing and curing a virus infection is pounds 12,000) but both, fortunately, can be guarded against. One effective defence against hackers, for example, is simply to disable modems out of office hours, to prevent remote access to a computer system.

Many viruses confine themselves to advertising their presence by displaying unexpected messages (a sort of on-screen graffiti); others are far more destructive and can corrupt some or all of the data on a hard disk.

There are many anti-virus software tools on the market. Some merely detect viruses, others delete infected files and restore the hard disk. Users need to ensure they are sent regular updates as new strains of virus emerge.

But mischief-makers from outside the company are not the only problem. Most security breaches are perpetrated by members of a company's own staff. In the first instance the breach is usually accidental, and the theft or fraud that results is opportunistic in nature, according to the Association of Professional Computer Consultants.

Companies need to create an atmosphere in which employees are highly conscious of security. It is important not to trivialise the issue but to make it part of office procedure or even the contract of employment. Employees need to know that loading their own software or making copies of company software will not only be frowned upon but regarded as fraud and a sackable offence.

Companies should also ensure they are making full use of the resources already available to them. An example is to enforce the use of passwords which have to be regularly changed, and requesting that users choose unpredictable passwords rather than ones any colleague could guess.

Additional aids on the market include software tools which can restrict the use of certain programs and protect files, partitions or a whole hard disk from unauthorised access.

The PC manufacturer, Apricot, has made a selling point of building in software and hardware security features to its PCs. Apricot's own LOC Technology includes features such as access by infra-red card, an audit trail of all attempts to access the system, the ability to restrict access to disk drives, modems, printers and expansion cards, and shutdown of a PC when it is unattended. A subset of these features is available to users of non-Apricot PCs if they fit an Apricot AdLOC card.

Very sophisticated means of restricting access to computer systems are now available, including retina scan, fingerprint, voice print or hand shape recognition, but there seems to be only one real candidate for widespread business use: signature recognition. This method verifies a signature written on an electronic tablet, which costs around pounds 100 per workstation. Given that sales of pen-based computers are expected to increase rapidly over the next few years, this could be the way forward.

As a fallback position, companies can always opt for breakdown insurance as an alternative to a maintenance contract. A scheme provided by Burnett Associates', for example, pays for repair and additionally covers the 'increased cost of working' to get data re-input and the system back up and running.

Comments