[ISN] Secure state of mind

InfoSec News isn at c4i.org
Tue Nov 2 03:51:38 EST 2004

By Mick Hegarty 
2 November 2004 
Not surprisingly, security is one of the biggest issues facing
businesses today. The threat posed by viruses, hackers and fraudsters
affects every organisation, as do the consequences of accidental
damage, equipment failure and even uninformed employees.

It is a fact that lack of appropriate security measures result in lost
business, lost revenue, lost customers and even loss of reputation.  
Poor levels of security threaten a company's survival.

The Department of Trade & Industry has found that the average UK
business now has roughly one security incident a month, and this
situation is not going to get any better as businesses use technology
to make better use of information, change the way they work and stay

Small and medium-sized enterprises must feel they are under attack
from all sides. And to cap it all, recent legislation in the form of
the Data Protection Act, the Stock Exchange's Turnbull Report and
guidance from the Financial Services Authority places responsibility
for data security and openness of accountability at the door of the
most senior people in the business.

For SMEs that responsibility is landing in IT managers' laps. They are
being given the task of setting up and supporting rigorous security
policies and systems. So where does the IT manager start?

The first thing is to realise that security is not all negative. Just
as poor security can be fatal, good security can bring real
advantages. Customers and suppliers who have confidence in a firm's
security policies will spread the word. Good defences help enhance the
brand and differentiate a company from its competitors.

What is more, being confident about security means you will be able to
open up the network for flexible working, direct links with suppliers
and e-commerce. This is how IT managers can really enhance their
reputation within the company. The workforce will appreciate the
greater flexibility in the way they are able to work and the directors
are going to enjoy the competitive advantage and the money they are
saving. Get the network security right and the IT manager becomes a

At the same time, security does not have to be difficult and expensive
thanks to continued reductions in costs and improvements in the range
and capabilities of third-party providers.

Third parties can supply expertise to analyse vulnerabilities and help
to develop your security policy. They can design and implement
security products to meet requirements and budget. They can monitor
the system proactively and help manage aspects such as firewall and
URL filtering rules and updates to the anti-virus system.

A third party will have invested in skills and capabilities that a
small company would find hard to afford itself. This will include
government and manufacturer accreditation, skilled consultants and
engineers and the learning that comes from helping other businesses
such as yours. This can give you real peace of mind.

And do not forget that if you choose one supplier for your network and
your security, you have the added advantages of a single supplier to
work with and one who understands every aspect of your needs.

By managing security in this way, SME IT managers can concentrate
their efforts on their core business while letting others concentrate
on the challenges of integrating and managing security. They can avoid
having to recruit skills or potentially investing in equipment
up-front. Most of all, IT managers can make a real contribution to
protecting and enhancing the company. So, do you want to be a hero?

Mick Hegarty is ICT general manager at BT Business

More information about the ISN mailing list