Computer Security Issues Facing Alsager Ltd.
In upgrading the Alsager Ltd IT facilities, despite numerous advantages that the new systems brings one has to be made aware of the possible threats posing.
Virus can effect the system. They are pieces of codes created by hacker to create a nuisances and to another extreme corrupt valuable data. Examples of these can be animated icons flying pass the computer screen and to another extreme can be programmes designed to delete the hard drive. The Computer Virus can be caught through a number of ways. The most highly publicised way, is through the Internet, other ways are through removable storage media, such as floppy disks and zip drives. They can also be caught through computer networks, where a third party from another machine in the network introduces the virus (accidental or otherwise) which then spread throughout the network. The most unlikely way of virus contaminating the system is through malicious employees creating them on the system but this will be discussed later on. There are a number of precautions that can be taken to help prevent this. By simply making employees not to use mobile storage media unless they know where it has been, making them aware that pirated media , shareware/freeware programmes may be potentially dangerous. A talk and leaflet distribution to employees could be useful. If the Alsager decides to connect to the Internet, this would be another potential source for virus and such like. A firewall could be placed on the system to help prevent infection. A more immediate way of preventing virus is to subscribe to a antivirus programmes, although this will not give you 100% percent protection it will help prevent the majority of known virus. An important note to this point, is the importance of getting regular virus updates from the software manufacturer .
With the introduction of the IT facilities, the amount of room information takes up is drastically reduced from a whole filing cabinet to a small hard drive. Information can be easily copied and since the advent of the Internet, information does not even have to be on a psychical media to leave the building. This therefore makes it much more easier to copy and take out valuable information. All the companies details, there accounts and their customers account are prone to the risk. A single person can take out all the information on a zip disk or even a floppy disk depending on the size of the file. This poses the risk of company espionage and financial fraud, through the use of customers credit card details. There are a number of ways to help deal with this problem. The system should be a closed network. This means, that only people authorised to access the information may only do so through a user name and password. In this system there should be a heirachy of privileges, so only people who need to access the most sensitive information may do so. Also by having a login system, people using the system can be identified, helping solve and deter employee fraud. An important point to note is that the employee responsible for managing IT should be aware of sleeper programmes that may lye inside the system, and should be checked on a regular basis. Another step to take care of this problem, is to use encryption, when storing data and with today s encryption standards it would be near impossible to break the code. One must note that there would be little point in using this technique if the keys and passwords were not properly managed. Good quality encryption software is available.
A very important security aspect, is in systems failure, data corruption and damage in general, such as fire damage. To lose data that is the back bone of the day to day running of the company could prove fatal. The only way to help properly deal with this issue is back up the data. Since the costs of storage media and taken a dramatic tumble in price, this would be a relatively inexpensive process, especially considering what it would save the company if the worst were top happen. There should be log copies made around about every 2 months or so , of critical data. This means that one should copy all the data. So if a virus has been discovered one can back track to see where in time it started. This will also help provide damage limitation by enabling one to step back to the most reliable log copy, and then correcting the damage from there. Regular incremental copies should also be made on a daily basis, which would mean coping new and modified data only.
Employee related security should also be taken into consideration, these being using pirated software on the companies networks, which could lead to virus and copyright related lawsuits effecting the company. Another aspect to be wary about is employee fraud, technological minded employees be able a manipulate the system for there own financial benefits. This could be dealt with by keeping track of who logs in where and what time, that way if a crime is perpetrated the individual could be tracked down. Employees should only be allowed access areas that they need and should be restricted to anything else.