Friday, November 03, 2006

Biggest Threats to Data and Info Systems

Sometimes people think that their data and information systems are “safe” because they’ve got anti-virus software, firewalls, pop-up blockers and spam filters. “Unfortunately, these people are operating under a false sense of security,” says John Redmond, an information technology (IT) strategist and business security expert with Keystone Computer Group.

According to Redmond, “People don’t understand the risks involved, either. Asked ‘What’s the worst that could happen?’ people just shrug. They don’t appreciate the apocalyptic possibilities.” And those are…

  • You get fired from your job.
  • Your organization fails.
  • Your identity is stolen and your bank account is drained.
  • You are arrested and put in jail.
  • Your name is splashed in the newspapers.
  • You are sued by clients/customers claiming losses and damages.
  • All of the above.

What are the biggest threats? They may not be what you think they are! These are the top-4 threats, according to Keystone Computer Group which has been serving the IT needs of small and mid-sized organizations in metropolitan Washington, DC since 1982.

  1. The biggest threat is your employees. For example:
    • Mistakes happen, (how else will employees learn if you don’t provide guidance and continuing education?) like one person clicking a seductive-looking yet malicious link on an email or web site. And because yours is a networked, teamwork environment, the mistakes of one can become the problems of many.
    • Your employees embody valuable data. So, when you lose a key person to a competitor, retirement, disability, death, etc. you are losing valuable data.
    • Disgruntled employees do malicious things. “Hopefully they’ll quit rather than act out,” you say? Or, maybe you want them to do something and give you cause to fire them?
    • After you fire a disgruntled employee, they may be willing to “cut off their nose to spite their face,” spreading embarrassing truths and despicable lies about you. Thus it has always been; only with the Internet, they have a MUCH BIGGER audience.

  2. Portable devices are the next biggest threat. This includes laptop/notebook computers, PDAs/Blackberries, cell phones, portable storage devices, and similar devices. Why?
    • Portable devices break easily, and if they have not been backed-up, data gets lost when they break.
      • Performing and managing back-ups on portable devices are often complex tasks, and often they do not happen properly.
    • Portable devices get stolen, and they get lost.
      • In May 2006, the Department of Veterans Affairs (VA) learned that an employee took home a laptop computer and external hard drive containing Social Security numbers of millions of veterans. They were stolen from his home.
      • In June 2006, a laptop containing Social Security numbers 13,000 DC government workers and retirees was stolen Monday from the home of an employee of the company which administers the District's retirement plan.
    • Because they are not properly secured.
      • Often times no user name/password login is required to operate the device. The hard disk is not encrypted. So, if it is lost or stolen, it takes no special skill to access everything on the machine.
      • Say you’ve got some time to kill in O’Hare between flights. You can pull out your laptop to use one of the available open WiFi networks. If you have file sharing enabled on your laptop, and many laptops do, anybody else on that WiFi network can surf your hard drive while you are checking your email.
      • You are walking down the street with your Blackberry on your belt. A fellow is walking behind you with a laptop in his briefcase. His laptop has synchronized via Bluetooth with your Blackberry and is copying your contact list, calendar and emails. It takes about 15 seconds, and you never know what happened.

  3. Wireless networks are a threat because they can sprout without being properly authorized and properly secured.
    • It doesn’t take an IT expert to buy, plug in a wireless access point and create a wireless network. The devices are inexpensive, and out of the box, many such devices are completely unsecured. It does take some technical sophistication to properly secure the wireless network once it is up, so many such networks are completely unsecured. Anybody in the vicinity of the access point can get on the network.

  4. Power is the Achilles heel of the Information Age.
    • Everything comes to a halt when the power goes off. Backup power, if you’ve got it, only helps with minor, brief power interruptions. A power outage over a wide area lasting for days, and you are not going to be able to transact business.
    • The power generation and transmission grid is a complicated, antiquated, patchwork affair, which allows some sharing of power and on-line capacity to meet peak needs. It is not a fail-safe system. In many areas, the power system is not reliable. Fortunately, in most central business districts, the power is more reliable than it is in tree-lined residential areas.

For more information or for questions, call John Redmond at 240-486-6370. Keystone Computer Group is located at 4615 Lee Highway, Arlington, VA 22207.

No comments: