Data under attack?
Commercial data is now such a valuable, competitive commodity that hackers steal corporate and personal information to sell on the black market. As a result, so-called cyber crime is on the rise and recent figures suggest that this market is responsible for in the region of $600 bn in annual IT theft.
Department of Trade and Industry research found that the average UK business has around one security incident every month*. Although security incidents affecting large businesses have fallen, the opposite is the case in the small business sector, with the average number of incidents running at around eight per year. Worse still, the cost of security breaches to UK industry is estimated at approximately £10bn per annum.**
So, the threat is now mainstream, incredibly commercial and certainly not isolated to lone criminals. Financial data is particularly attractive as it contains the key to an individual’s current and future wealth.
Rightly so, people's natural concern is how to prevent their data being stolen, abused or at the very least, to put business processes in place that will render it unusable if it is stolen. For smaller or low-risk firms this can be done as simply as creating a password and ensuring that firewalls are on and correctly configured. However, managed security systems, using reputable software from the likes of McAfee, can be installed for as little as £5 a month. These tools proactively look for cracks in your defences and can be individually configured onsite by the supplier.
Taking this one stage further, products like BT Business’s IT Site Manager act like a remote IT team, providing day-to-day maintenance and end-user support, part of which is ensuring that a business’s network is secure.
For higher risk industries, of which sadly accountancy is one, the financial loss of information going missing could potentially cripple a business not just through the fines that can be levied, but also bad publicity and the potential loss of reputation.
BT Business Protect is a security solution right down to individual server or desktop level for companies with up to 500 employees. It can scale up as more information needs to be protected and defends a computer network from the perimeter in, as well as proactively protecting all servers, desktops or point-of-sale computing systems.
Other technologies such as behavioural systems like Cisco’s Security Agent proactively monitor activities which, at set-up, can be tailored to a business’s precise requirements. For example, by blocking inappropriate system use or by automatically amending and updating the network management system. These protect a corporate network from users that are logging on remotely using your Virtual Private Network (VPN).
It’s worth noting that the more widespread a security system, the more viable a target it is for criminals to figure out how to crack. Even middle-sized accountancy firms should consider regularly taking a step back to consider where any new ‘ways in’ might be developing.
Because the landscape constantly changes, suppliers are developing new IT security tools to secure business data while stored, being used - and even while in transit. These are known as data loss prevention solutions (DLP).
Security is a specialised IT area and requires advanced training and accreditation to enable businesses to comply at both a regulatory and governance perspective. Before deploying a security solution however, accountancy firms will need to evaluate their infrastructures to allow them to evaluate what data loss prevention (DLP) technology will do for them:
- Where is my confidential data stored?
- How is my confidential data being used?
- How do I enforce polices to avoid data loss?
DLP solutions bring real innovation to the protection of an organisation. They are different to previous ways of securing data because they allow an accountant to set up, operate, and distribute an effective security policy for information flow in order to keep control of critical information (e.g., blueprints, financial metrics and source codes).
They also stop employees from accidentally sending confidential data or breaching other security policies (e.g. privacy breaches and non-disclosure agreements), and provide support from whatever the device the employee is using. This could be as simple as preventing a file or group of files from leaving your firm’s network, or as sophisticated as restricting access to a specific spreadsheet cell under quite complex circumstances.
IT security crime is on the rise, especially amongst smaller businesses. IT data theft is big business and enterprises will have to address the increasingly sophisticated techniques cyber criminals adopt. Suppliers are helping to combat the corporate crime wave through new IT security tools. These technologies can remove the strain from businesses by securing information remotely and preventing employees from accidentally sending confidential data or breaching other security policies, letting businesses focus on doing what it does best.
* 2004, Information Security Breaches Survey, DTI
** 2006, Security Breaches Survey, PricewaterhouseCoopers for the DTI