As much as information technology (IT) has improved commerce and the business world, it also creates the potential for malicious damage. While computer networks enhance communication and data sharing and make business more productive, they also present an opportunity to access corporate information. Unauthorized access to these networks can result in data theft, business disruption and exposure of trade secrets. Here are the most common computer security weaknesses and their solutions.
Vulnerabilities result from loopholes, sometimes called “bugs”, in hardware, software or the network system. They can usually be traced to improper setups or configurations. Potential hackers can use these loopholes as entry points into your system, where they can steal data or do other malicious damage. Unfortunately, sometimes they are discovered only after they have been exploited by hackers. However, once bugs are discovered, the hardware or software manufacturers notify users of the vulnerability and provide software and code to patch the loopholes.
The most effective way to protect your company from loopholes is through regularly scheduled software and network updates. Third-party programs, including firewalls and antivirus programs, will also help secure your network and internet connections.
Spyware is a catch-all term for malicious software that’s secretly installed and captures information from one computer and sends it to another. It can capture seemingly harmless data such as browsing or searching habits, but can also steal passwords, credit card numbers and other confidential information.
Computer users unknowingly install spyware while downloading software or installing programs or through direct file sharing and instant messaging. One of the most common ways that spyware gets into a computer is through ‘free offers’ of software or programs that you have not ordered or requested. It can also be embedded in games or other apps.
To avoid spyware, don’t connect to the Internet without an anti-virus program and firewall in place. Since spyware is usually disguised as a benign program, don’t open suspicious files or error dialogues, especially those that come from external email addresses. Adopt a policy that requires your IT department to approve and assist with any software installation on company computers. Finally, even for trusted business software, always read the entire End User Agreement. These agreements can contain vague, confusing or misleading terms that require you to accept and install other programs that are not part of the initial package.
The unsolicited and unwanted email messages known as “spam” are some of the most detrimental threats to your business. Spam can include viruses that hijack your email program and send emails to your contacts, making it appear as though the emails are from you. They can contain offensive language, racy content, enticing offers or even phony pleas for help, all designed to get the recipients to open them. The viruses then target the recipients’ personal and financial information. If your contacts – clients, suppliers and employees – don’t realize that it’s spam, these emails can damage your professional relationships. They can also compromise confidential information and take up valuable company time.
The most effective way to eliminate spam is to install spam-filtering software, which will either block it completely or send it to a dedicated email folder. However, spammers are increasingly sophisticated, so filters won’t always catch every dangerous email. Employees still need to use caution when opening emails and instant messages and clicking on links, especially when the senders aren’t on their contact lists.
Phishing is a tactic that thieves use to trick people into providing personal and financial information through instant messaging, spam, malicious websites and scare tactics. It’s dangerous because the senders can use legitimate company email addresses to extract information from their victims, who don’t realize these emails are fakes and believe they are dealing with legitimate companies. For example, they may receive email inquiries that relate to your product line or services, or that look like they come from your bank or payroll company.
Spam blockers, filters and anti-virus programs can prevent some phishing emails from getting through, but the most effective way to avoid being a victim is never to access a website through an email link. Employees should always be suspicious of any email that includes a link to log on to the supposed sender’s website, especially if the email claims that the account has been compromised and asks the recipient to change their password or enter other identifying information.
While hackers and thieves use their knowledge of technology to exploit weaknesses in a company’s computer network, this unauthorized access can be the easiest to prevent. Sometimes the biggest threat to network security is actually employees’ behavior and human nature. Your IT department can monitor the network for bugs and intrusions and install reputable anti-virus software, firewalls and phishing filters. However, network security is a team effort – you also need to educate employees about these threats and adopt internet access policies that promote safe and professional online behavior.