IT Systems Integrity
Chris Nabavi BSc SMIEEE
© 2006 PCE Systems Ltd
IT Systems are Mission Critical
• Have you ever stopped to consider what would happen if, through theft, hacking, fire, flood etc. you lost:
  • Your communications (web & email)
  • Your trade secrets and employee records
  • Your accounts, payroll and designs
  • Your ability to process orders
  • In fact, all computer facilities? You’d use paper?
The Consequences
• Direct Loss
  • Loss of hardware & data by fire, theft etc.
• Indirect Loss
  • Sales, goodwill, competitive advantage
• Productivity Loss
  • Data corruption, staff time, general chaos
• Legal Exposure
  • Contracts, slander, illegal use, director liability
A Pharmaceutical Company
• Has a web-site where users of a drug register
• Sends reminders to take drugs when due
• Inadvertently shows all email addresses
• Compensation claim for breach of privacy
• Regulatory fines
• Damage to brand
• Loss of confidence = Huge Financial Loss
The Cost to British Business
• 44% of businesses suffered at least 1 security breach in the past year
• Average cost of an incident is £30,000
  Source: Information Security Breaches Survey 2002 by DTI & PWC
• Computer-related disasters cost the UK £1,800,000,000 per year
  Source: NCC
Sobering Statistics
• 43% of companies that suffer a major loss of data go out of business as a direct consequence
  Source: McGladrey & Pullen
• 90% of those without a contingency plan do not survive 1 year
  Source: Touche Roche
Disaster Recovery Plan
• Many large American corporations suffered terrible losses of both staff and facilities in the attack on September 11th 2001
• Some went out of business
• Others had a disaster recovery plan
• These ones survived
But, It’s Not Just the Big Boys!
• SMEs usually have:
  • Fewer resources
  • Everything in one location
  • Less up-to-date systems
• … and …
• No security, no training, no content filtering, no back-ups, no archives, no usage rules, no firewalls and no spare cash to buy time
• Don’t wait for a disaster before acting
Disaster Recovery Plan
• Assess the risks
• Minimise / avoid them where possible
• Keep copies of vital data off-site
• Develop a series of realistic recovery steps
• Test the plan
• Check your insurance cover
  • Standard cover often excludes data loss etc.
Reduce the Risks
• Educate staff about the risks
• Introduce an “acceptable use policy”
• Limit access on a “business need basis”
• Install suitable technology & updates
• Ensure compliance with legislation
• Re-assess the risks regularly
Employee Issues
• Acceptable use policy:
  • Define what employees may and may not do
• Train employees on security awareness
  • Downloading software, passwords etc.
• Limit access and install content filtering
• Warning: 80% of IT intrusions are perpetrated from inside the company
The Danger of Emails
• Internal email between two employees suggests a competitor is financially unstable
• Visitor to office reads email on screen
• Notifies third party of what he saw
• Third party sues for slander
• Settled for £450,000 plus costs
Back-ups
• Make back-ups regularly & store off site
• Back up data, software & configurations
• Run a documented media rotation and back-up / archiving scheme
• Test the back-up mechanism, since half of them don’t actually work!
• Warning: 2% of disasters are caused by tests with faulty back-ups!
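The slide's advice to test the back-up mechanism is the one point in this deck that turns directly into a working check. The script below is an added example written for this page, not PCE Systems' own material: it assumes a directory backed up as a gzip tar archive, records a SHA-256 manifest of every file at backup time, restores the archive into a scratch directory, and reports anything missing, altered or unexpected. The sample files and the truncated "bad" archive in the demo are constructed inline, so it runs offline.

```python
"""Added example: prove a backup restores faithfully instead of trusting it.
Assumes a directory is backed up as a gzip tar archive (hypothetical layout)."""
import hashlib
import tarfile
import tempfile
from pathlib import Path


def file_manifest(root: Path) -> dict[str, str]:
    """Map relative file path -> SHA-256 of its contents for every file under root."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def make_backup(source: Path, archive: Path) -> dict[str, str]:
    """Write a gzip tar of source and return the manifest recorded at backup time.
    Store the manifest with the off-site copy; it is what a later restore is checked against."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    return file_manifest(source)


def verify_backup(archive: Path, expected: dict[str, str]) -> list[str]:
    """Restore archive into a throw-away directory and compare it to the expected manifest.
    Returns a list of problems; an empty list means the backup restores faithfully."""
    if not archive.exists():
        return [f"archive missing: {archive}"]
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                try:
                    # Refuse members that would write outside the scratch dir (Python 3.12+).
                    tar.extractall(scratch, filter="data")
                except TypeError:  # older Python without the filter argument
                    tar.extractall(scratch)
        except Exception as exc:  # any read failure means the medium is unusable
            return [f"archive unreadable: {exc!r}"]
        restored = file_manifest(Path(scratch))
    for rel, digest in expected.items():
        if rel not in restored:
            problems.append(f"missing after restore: {rel}")
        elif restored[rel] != digest:
            problems.append(f"corrupt after restore: {rel}")
    for rel in restored:
        if rel not in expected:
            problems.append(f"unexpected file in restore: {rel}")
    return problems


def demo() -> tuple[list[str], list[str]]:
    """Constructed sample: a good backup and a truncated one, as a faulty medium would give."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        src = base / "data"
        (src / "accounts").mkdir(parents=True)
        (src / "accounts" / "ledger.csv").write_text("date,amount\n2006-01-01,100\n")
        (src / "payroll.txt").write_text("constructed sample payroll record\n")

        good = base / "good.tar.gz"
        expected = make_backup(src, good)

        bad = base / "bad.tar.gz"
        bad.write_bytes(good.read_bytes()[:40])  # cut off mid-stream: a backup that "ran" but is useless

        return verify_backup(good, expected), verify_backup(bad, expected)


if __name__ == "__main__":
    good_problems, bad_problems = demo()
    print("good backup:", good_problems or "restores cleanly")
    print("bad backup: ", bad_problems)
```

The check deliberately restores to a scratch directory rather than reading the archive's table of contents: an archive can list every file and still fail to extract, which is exactly the "half of them don't actually work" case the slide warns about. In practice the restore test would run on a different machine from the one that took the backup, so that the test also proves the off-site copy is readable where it will be needed.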
Beware Wireless LANs
• 63% of wireless LANs are left on their default settings with no encryption
• So anybody parked outside has access
• Set up wireless LANs properly before use
Anti-virus
• Install anti-virus software on all PCs
• Keep virus definitions up-to-date
• Set PCs to do regular automatic scans
• Ban downloading of software from the Internet, floppies or memory sticks
  • No dancing Father Christmases this year
  • No games or unauthorised software
Firewall
• Use a reputable stand-alone firewall
• Block all protocols not actually needed
• Ensure employees cannot bypass the firewall
• Test the firewall with a mock attack
And Finally ...
• If you don’t have the expertise or time in-house, talk to us and we will arrange for an expert to sort it out for you.
• Alternatively, keep your fingers crossed!