Get Into the Security Habit

Feb. 1, 2004

Security is everyone's business, not just your IT department's. That's a point worth framing, because the weakest link "is us," to paraphrase Pogo.

Ensuring security is really not that difficult. You can reduce your risk for security breaches by using just about any program not created by Microsoft, since hackers and others favor attacking those systems. Or, there's always "security by antiquity" — using systems too old to bother hacking into. If these suggestions are not practical, then one of your best bets for ensuring security is to get into a few good habits.

Security is all about business continuity: ensuring that business processes continually function. Security is also about reducing the risks of attack from "unfriendlies" that can range from hobby hacker to serious terrorist.

For the moment, everyone has the opportunity to catch up on his security needs. Companies can work on ways to get the most out of the security systems they've already adopted. Others, who haven't been as diligent about security, can catch up.

Now is the time to take care of such business, because security experts and analysts are warning that the timeline between finding a system vulnerability and correcting it before a hacker strikes is shrinking. Remember the Blaster worm, which some estimate cost U.S. businesses billions of dollars in lost revenue? It hit servers and computers barely a month after Microsoft found the vulnerability and issued a patch. And a month apparently wasn't enough time to protect all the computers and systems out there.

Actually, a month was plenty of time. However, inertia — i.e., not installing the patch immediately — resulted in one of the worst Internet slowdowns in recent years.

Overcoming inertia is something we will all have to do, because experts predict faster attacks, including attacks on system vulnerabilities for which there are no patches. Soon, you'll have only a week to take steps to secure your systems, then only a day, then no time at all before a worm or virus strikes. It's better to develop good habits now.

Patching is a time-consuming and disruptive process, which is one reason many departments delay action. Software vendors are working to develop automatic patching processes. Until those processes arrive, though, it's up to everyone to ensure that when a patch becomes available, it's installed immediately. For some real-time systems using Microsoft software, that can be an issue, says Gary Cash of FKI Logistex, as the patch can interfere with the real-time features of the system. Work with your system partner to ensure that patches don't delay operations.

It would be nice if software came without vulnerabilities. Vendors are working on that, too. You can play a part by giving vendors the time needed to develop resilient and bug-resistant code. You can insist on vendors developing code with security issues in mind. And you can be realistic about how long this will take and how much it will cost. Just measure the cost of a secure program against the cost of a virus bringing your supply chain to its knees. A little more up front now is better than a lot more later.

You can also work with your IT department and help them with patches and other procedures. We are one of the two main vulnerabilities in any security plan. The other is communications. Executives and IT personnel can set policy and procedures all they want, but unless those directives are communicated clearly and enforced, your systems will be easy to attack. Executives need to do a better job of prioritizing security, and employees need to really execute the plans.

Which brings us to some bad habits we need to eliminate. These include such no-no's as writing passwords on Post-It notes and sticking them to computers, connecting any cell phone to the corporate website, working from home on a laptop computer with no firewall software... you get the idea. It's up to every manager to ensure his people follow security directives.

Anyone and everyone who uses a computer, cell phone, laptop or other electronic device that connects to corporate communication, web and Internet-based systems must develop good habits regarding security. Your operations and processes — and your livelihood — are at stake.