Continued from page 1
Almost worse than losing all your data (because we know you keep a regular backup), is having your system infected with a worm program. In some cases this can leave your computer unknowingly sending an attack way of all your contacts. Alternatively, your computer could be under complete control of a third-party, who is using your processor, memory and hard-disk for their own purposes.
What can I do to stop it? Just as it is not councils responsibility to stop burglars coming down your street, in UK there is very little responsibility on ISPs to prevent attacks. If your systems are not locked (with firewall software), alarmed (with an intrusion detection system) and insured (by taking a daily backup) you have no-one to blame but yourself.
There are three pieces of software that every business needs to at least consider. I cannot over-emphasise need for an up-to-date virus scanning program. Most reputable products will scan for and remove some Internet worms and some Trojan horses; however they will not detect other types of attack. For those attacks a good firewall package is essential. Installing one of these programs is akin to fitting locks to your doors and windows. Finally an intrusion detection system (IDS) is similar to an alarm system, warning you of a potential attack.
In my opinion all businesses should have a solid anti-virus policy as well as a good firewall. Whichever solution you choose at end of day, you must fully understand its capabilities or it will be as effective as not having anything at all.
Keep an eye on patches Most electronic attacks exploit a mistake in program code of software you use. Responsible software vendors will issue a 'patch' that resolves each issue as soon as it is brought to their attention. You will find that many software companies have e-mail lists that you can subscribe to in order to be notified of new problems and patches.
This patching mechanism makes up software industry's response to hacker community. If you are applying your patches diligently, security of your computer systems depend on how far ahead either side is. It is therefore good practice to have a complete security audit of your systems by an external consultant twice a year or more often if you rely heavily on your data.
It won't happen to me Your business network is constantly being probed by hackers on Internet looking for ways into your data. Most attacks occur without user even knowing that a system is compromised. Our systems at FWOSS get probed three or four times a week, so our firewall is invaluable in ensuring they get no further.
What can I do in case of an attack? Of course your regular backup provides your ultimate safety-net, but as effects of different electronic attacks are so varied there are no hard and fast rules to recovery.
It is very much a case of prevention being better than cure; therefore you should think about installing an anti-virus program, firewall and intrusion detection system. You should keep a daily backup; check if your systems need patching weekly; and have a security audit bi-annually or more frequently.
Thom is the operations director for Fire Without Smoke Software (FWOSS) ltd.