Homestyle security Featured

7:00pm EDT November 24, 2006

Security threats are ever-changing. New viruses, spam and spy-ware — as well as methods of attack — are constantly surfacing. Companies must invest in up-to-date products and partner with technology companies that can provide solutions and services for the best security protection possible, says Doug Godwin, director of technology services for Premier Technologies.

Software companies have shifted their goals in recent years to create confidence in the security as well as the efficiency of their programs. Companies should take advantage of built-in offerings of the computer systems with which they are working as well as implement their own security policies and procedures, says Godwin.

Smart Business spoke with Godwin about what security risks to be aware of, and how to protect company data and assets.

What are some of the risks companies should work to protect against?

One of the most overlooked issues is physical security. In many companies, PCs are out in the open. People who use lap-tops often walk away, leaving it out in the office or in a public place. Cleaning crews and maintenance staffs come in and out of offices, possibly providing people with access to the physical hardware lying out unattended.

Consumers are aware now more than ever of security breaches such as viruses, spy-ware and spam. One of the newest breaches that companies need to be prepared for are phishing scams. This is where intruders look to steal information more than the hardware.

How can PC and laptop security benefit a company?

Proper security can protect a company’s investments: the infrastructure itself as well as data, information and ideas. If information or exclusive company secrets leak, there are potential public relations and legal nightmares.

Company networks that are not standardized or secure allow employees to use and manage the systems however they wish. Inconsistencies in program installation, utilization and regulation create an increase in system downtime, in turn creating a decrease in productivity.

A lack of security allows employees to make changes to data or software they are not permitted to alter. It also allows for employees to explore Web sites and materials that are not work-related, slowing computer systems and creating distraction from work. With proper security, a company can see improved computer systems as well as an increase in employee productivity.

How can a company test the effectiveness of a security program?

Internal testing should take place. A company should not assume that, because a security program is installed or policies implemented, they will work properly. Each business is different, and programs need to be altered to fit the needs of each company. Testing should take place on a regular basis to ensure that programs are effective, as security needs change within a company.

Technology consultants can be utilized to run penetration tests on software security systems. These consultants identify weaknesses that are sometimes hard to see by the company. The consultants also are aware of vulnerabilities that are associated with programs.

Consultants offer a staff of experts to help diagnosis problems and provide experts to help solve such issues. They are aware of best practices and industry standards so they can use the most up-to-date programs.

Why should business owners invest in the most up-to-date software and protection?

The loss of company-exclusive data can be devastating. There have been cases where businesses have lost members’ personal information such as Social Security numbers and credit card numbers. Compliance regulations are in place that require such companies to disclose that information to consumers, so they know their data is at risk.

The public relations ramifications that can occur if a business’s data is stolen can put a company out of business. There can be a general loss of confidence by consumers.

What steps should a company take to provide the best security?

Analysis should be used to determine the needs of the company. The most important thing is to be proactive. Company polices should detail how data should be stored and what should be on a server versus a desktop machine. Identification processes should be on computers to ensure only legitimate users are logging on to systems. Encryption programs and new programs that track the location of a missing laptop with a device similar to a GPS system and then wipe the system clean of information are on the market. It is important to have these procedures outlined before an incident occurs.

DOUG GODWIN is the director of technology services at Premier Technologies. Reach him at dgodwin@premweb.com or (412) 788-8080.