Is computer security keeping you up at night?
NO ONE would ever leave their business for the night without locking up and making sure the premises are secure. Yet this, in digital terms, is what computer users fail to do on a daily basis.

The volume of important and commercially sensitive information kept on computers keeps growing, employee identity theft is becoming an epidemic and organised crime is becoming ever more sophisticated, so security often lags behind. This can leave companies open to blackmail from hackers or internet pirates using botnets: networks of computers programmed to work in concert to overload a target computer’s capability.

There’s also the threat of revenge by ex-employees, which may come via an IT-based viral attack or from people walking off with laptops containing sensitive information.

How lax are your staff?

Do your employees leave their computers on at night or leave their password on a Post-It note stuck to the computer?

Security vulnerabilities from outsourced operations can also be a risk. That’s why businesses mustn’t just insist on a high level of security from business partners, but check and monitor these regularly as well.

Linked systems also cause problems as one lax area of security threatens all those in the chain; wireless access is also a major risk.

So what can you do?

One decision that can help you establish an adequate security level is to work to a standard such as BS7799.

This revolves round 10 steps:

1. Security policy: Sets out the high level principles a business has in protecting data – creating a document used to educate employees.

2. Organisation Security: Deals with the nuts and bolts of how information security management is organised.

3. Asset classification and control: Ensures information and information-processing equipment are managed and accounted for as valuable assets.

4. Personnel security: Covers any personnel issues such as training responsibilities, vetting procedures and how staff should respond to security issues.

5. Physical and environmental security: Looks at physical aspects of security including protection of equipment and information from physical harm.

6. Access control: Control of access to information and systems on the basis of business and security need.

7. Communications and operations management: Examines correct management and secure operation of information-processing facilities during day-to-day activities.

8. System Development and Maintenance: To ensure security and the maintenance of information integrity.

9. Business Continuity Management: Ensures the maintenance of essential business activities during adverse conditions, from major disasters to minor local issues.

10. Compliance: Concerns business compliance with relevant national and international law, professional standards and any processes mandated by the information security management system.

While we can arrange insurance against most computer crime, this is a good supplement – not a substitute – for adequate protection measures!

For further information please contact the PoundGates team
e-Mail: info@poundgates.com or 01473 216406
Authorised and regulated by the Financial Services Authority