New guidelines to safeguard computer data: Firms join forces to combat 'pirates'

Click to follow
The Independent Online
INFORMATION 'pirates' more dangerous than their seventeenth-century counterparts threaten British business through attacks on computer systems, a group of companies warned yesterday.

They had come together to draw up a code of best practice on computer security aimed at protecting business from the massive potential losses caused by breaches of the systems on which their companies now depend.

The group, including Midland Bank, BT, Shell UK and Unilever, is concerned about the growing vulnerability of companies that use computer networks to talk to organisations outside their own. It is no longer sufficient for a company to be conscious of its own weak spots. If a supplier's system is open to attack, say from a computer virus, the infection could spread quickly and easily through communications links to all the other companies they 'talk' to.

John Nicholas, deputy director-general of the Institute of Directors, warned of complacency in the face of the 'computer viruses, hackers, bombs, industrial espionage, fraud and petty crime', all of which are dealt with under the new code of practice. The guidelines include descriptions of physical security as well as the latest thinking on software that protects the integrity of a computer network.

John Sacher, head of logistics and store services at Marks and Spencer, warned businesses about his company's experiences with computer viruses. It sought support in producing the new guidelines after acquiring a relatively benign virus which displayed an expletive on the screens of affected computers.

The company has since installed virus-protection software on all of its systems, even at its overseas offices and subsidiaries. Mr Sacher said that in future, M & S intends to bind all suppliers under the terms of their contracts to follow the new code of practice on security.

Neil Twist, information technology director at the BOC Group, said managers cannot afford to assume such disasters only affect others.

The Department of Trade and Industry, which helped put together the new guidelines, estimates that security failures cost British business about pounds 1.1bn a year. Half of this can be put down to 'disasters' such as flood, fire and power failures, and the other half to more malicious intrusions into computer systems.

A Code of Practice for Information Security Management; BSI Publications, telephone 0908 221166; pounds 5.00.