Over the last 10 years, computers have increased in speed and capacity while decreasing drastically in price. Computers that where once used in the corporate environment, are now slower than typical household computers. While this change occurred, telecommunications have improved to allow computers to communicate easily from remote locations, adding great opportunities for illegal activities. Data can be changed or destroyed, systems can be made to malfunction and long distance charges can be avoided. One of the biggest challenges today is to control the network security. Network security is having protection of networks and their services from unauthorized access, destruction, or disclosure.
Malicious acts bring up the important topic of disaster recovery. Companies must have up to date copies of their important documents and software to prevent extended downtime. The saved information will let the company’s employees continue to work while the IT department deals the damaged media. In 2002, computer virus attacks caused companies roughly $20 billion to $30 billion up from $13 billion in 2001. This number continues to grow as more computers are sold.
Users must realize the risk of the internet and file sharing before the statistics can decline. Examples are peer-to-peer download software, instant messaging channels, and email. These examples sound like home user issues but the reality is that employees are always finding ways to use this software in the working environment. In the end, it jeopardizes the network and costs companies money. Software companies have developed ways to deal with computer viruses and email spam in an automated fashion. Some can be free for personal use and others are expensive intended for corporate level networks.
Confidentiality in computer systems prevents the release of information to unauthorized people. Individuals who trespass into someone else’s computer system or exceed their own authority in accessing certain information, violate the legitimate owner’s right to keep private information secret. Integrity of electronically stored information ensures that no one has tampered with it or modified it without authorization. Any unauthorized corruption, impairment, or modification or computer information or hardware constitutes an attack against the integrity of that information. Many of the malicious hacking activities, such as computer viruses, worms, and Trojan horses, fall into the integrity category. The same is true for individuals who purposefully change or manipulate data either for profit or some other motivation, such as revenge, politics, terrorism, or simply for a challenge.
Internal computer crimes are alterations to programs that result in the performance of unauthorized functions within a computer system. These offenses, usually committed by a computer programmers, require and extensive amount of computer knowledge. A programmer may change an existing program so that it appears to operate normally but in fact performs unwanted functions whenever logical conditions are satisfied. Under these conditions, the program may erase files, change data, or cause a system to crash. Viruses, the most recent type of internal computer crime are sets of instructions that secretly attach themselves to other programs. They can spread through a system and to other systems when the infected program is copied or transmitted.
The destructive instructions can be embedded in other programs which may later be executed on other systems. Companies such as Microsoft have struggled with security problems. Trustworthy Computing, was an attempt for Microsoft to employ better security and customer response. They even went as far as delaying shipments to review code and redo its development process. Half a dozen months after the release of Windows 2000, Microsoft released 32 updates while 21 were considered to be critical. Showing improvement was the release of Windows Server 2003 with only 14 updates and 6 critical issues.
Although the numbers do show improvements some people think it is because of previous launches. Microsoft has interest in other areas such as privacy, reliability, and business integrity. Microsoft has not forgotten about older versions of Windows. Since the older versions are vulnerable and less secure, time has been spent to reduce customer risk.
Security issues are not always susceptible to outside intruders. An upset employee doing it for revenge is a popular example. Stolen data can be used for revenge, profit, or just for fun. Employee data theft has been a problem that continues to grow. For this reason, companies look into data encryption. Files are protected while being stored and transported.
Extra protection comes from logs being created when encrypted files are accessed. Employees can also be limited to the internet sites or networks they are allowed to access when a firewall is used. A proxy server uses a database of websites a URL is compared to, to filter inappropriate websites. Firewalls, whether hardware or software, usually allow the user to control what ports the protected computers are able to access on the Internet. This can be useful in preventing messaging channels.
All the topics stated above are only a few reasons why a company should have good disaster recovery plans. Disasters occur unexpectedly and their bad effects increase for those who are not prepared. A disaster prevention and recovery plan can help protect all of an organization’s assets including people, jobs, records, vital records, and facilities. These plans must include a clear definition of the organization’s records to be protected in the disaster plan. The plan can easily get out of hand by adding unnecessary costs which will make the plan appear unnecessary to management. Elements to avoid in your plan should include the reconstructing or salvaging of reference material, convenience copies, and non-essential files.
Data records vary greatly in value. Whether stored electronically or on paper, the plan must identify historical and vital records as well as records that are essential to the continuation of business after a disaster. A current list of vital records is necessary to determine the extent of any records disaster. Procedures for protecting and reconstructing data stored on magnetic media and optical disks differ from those for protecting and salvaging information contained on paper. Disaster plans must include and provide for all media on which records are created and stored.