Business and web security

While your employees surf in blissful ignorance, hackers are primed and ready to take full advantage. Today's threats come from programmers who work in cooperation with professional criminals in the profitable business of cybercrime. Their target market is any individual PC user who puts trust before skepticism. The challenge for those of us who know better is to provide protection against perilous user behaviors.

The best chance that businesses have to protect themselves from their users is through a layered security solution. Each layer is designed to protect against one or more threats, and the layers are put together so if one layer fails, the next is ready to step in.

The first step in a layered security solution is to identify all data that has value to your business, know where it is and who has access to it.

Then apply appropriate physical and electronic access controls to that data, and back that data up, both locally and offsite.

It's also necessary to develop and maintain disaster recovery and business continuity plans, as well as create and implement security policies that address all potential risks inside and outside the organization.

In addition, train employees to understand the level of risk associated with their online behavior. Your business depends on it.

Computer security is not a static issue. Threats, threat vectors, technology and behaviors constantly change. We must be prepared to add more layers as the situation demands. A continuously reviewed layered security solution is the best chance we have to protect users and businesses from themselves. So be diligent, good luck, and stay safe out there.

From the November 2008 Issue of SCMagazine »