Corporate Computer Security -- Is it Really Secure?

Most businesses today may think their network is secured, but are they? Where are the biggest security holes and what can you do to fix them?

(PRWEB) August 17, 2006 -- Many companies today make use of computer networking. In recent years, hardware companies have developed previously complex technologies in now relatively simple, easy to install solutions. These solutions are making computer networking easier than ever, even for the small business. In the past, it would have taken a hired I.T. professional to install and set up a network with Internet access. Now even the layman can run out to their local technology store and make an inexpensive purchase that can fulfill the same by simply plugging it in and/or clicking through a wizard. Companies with larger budgets also make use of newer technologies with more computing and information power than ever in history. A small I.T. staff (or even a single person) can create a networking infrastructure that rivals even some of the largest corporations in the world.

With the growth of technology in corporations and the boom of "out of the box" solutions, also grows a lack of awareness (or even concern) of data security. Trends in corporations are showing that the largest risk to their data is not a random "hacker" or "script kiddie", but their own employees. According to Net Sense owner David Lamkin, the majority of companies he has worked with have had little or no knowledge of the policies they should have had. "Most employees I have worked with had never read the computer usage policies of their employer, if they even had one."

Most companies tend to consider the expense of securing their corporate networks only after a disaster. This "reactionary" thinking is what allows security breaches to happen. Often, I.T. professionals will recommend more security measures or tighter policies put in place, and are denied from either a lack of budget or the staff does not want to be inconvenienced (like having to regularly change passwords or follow other standard security measures). "I can't tell you how many times I have been denied the ability to implement simple security solutions because it would be too much of a bother for the users." says David. He goes on to say "Users do not want to be burdened with revolving passwords, let alone a requirement of complexity in their passwords." The truth is, the more secure your network is, the more the user community is inconvenienced.

As mentioned previously, employee training is probably the most important factor in securing your network. Most employees don't know that their administrator never needs their password. If the administrator needs to log in using your account (which should be rare or not at all) then they can change it to a temporary password, allowing you retain the confidentiality of your credentials. "The typical employee is commonly far too trusting and is apt to blurt out their password to the I.T. Admins." adds David. It is also very common for your employees to have knowledge of each others' passwords (usually in case someone is out sick and you need access to their work). This is one of the most common and simultaneously one of the biggest security breaches. Standard practice is to disable a user's account when employment is terminated, but how many other passwords do they know?

David explained that computer network security should be thought of more like insurance. He says "Though you may not have an injury now, you may in the future and will need means to facilitate and help the healing process. This can be true in computers. Network security is often thought of as a liability rather than the means to prevent disaster. In truth, it can cost more to recover from disaster than to prevent it."

How can I increase security but not spend a fortune? Lets face it, spending money on your network doesn't bring in any business. Moreover, it can get pretty expensive (the same can be said about insurance). On the other hand, cutting corners in costs can greatly reduce the integrity of corporate data. The good news is there is a happy medium. You don't need to spend a great deal of money to gain a good security structure. There are simple changes in most networks that can correct many common security holes. If you train your employees well and have good policies and practices, you will have won most of the battle. Most companies find that the more knowledgeable their employees are, the more excepting they are of higher security. The only remaining parts are network design (I would suggest using an outside analyst to point out any flaws in your network) and active maintenance (which your current I.T. staff can facilitate).

David A. Lamkin is owner and operator of Net Sense, a computer network analyst and custom software developer. He has over thirteen years of experience in the information technology industry. David has helped companies in gaining Sarbanes & Oxely (SOX) certifications and he has managed networks for both publicly traded and private corporations.

###