The current state of Internet security can use a lot of shaping up, especially when it comes to securing business environments, says Vaclav Vincalek, president of Pacific Coast Information Systems Ltd. (PCIS).
PCIS, a Vancouver-based IT consulting firm that has been in business for 14 years, employs 15 staff members and does business throughout North America. “Based on some observations we’ve made, about one in 30 Web sites are safe on the Internet,” Vincalek said.
A large reason for many unsecure Web sites is that many organizations outsource their Web sites to other vendors/ISPs. And in most cases, Vincalek says, these ISPs only provide organizations with the appropriate hardware, operating system (OS), database, or Web engine for their site.
“These vendors are not in the business of securing your application,” Vincalek said, “so you’d be lucky if the vendor at least patches the OS. Rarely do these vendors even use any form of firewall, which leaves Web sites out in the open and vulnerable to attacks.”
Perhaps the biggest security mistake businesses make is in not properly educating all of their employees, Vincalek said. Even businesses with large tech departments are vulnerable to online threats and security risks if a machine becomes affected by a bad link or phishing attack.
Businesses that require workers to store confidential or private information on their PCs should not allow that computer’s user to access the Internet, Vincalek warns, because if that machine gets hacked, all of the information on the PC is visible, even if it’s encrypted.
“Hackers can go on to steal things like your identity and money every time the user types in a username and password,” he said. “For businesses, I’d suggest organizations have a secondary computer for their employees to help avoid this.”
Especially with the rising popularity of netbooks and sub-notebooks, Vincalek says it’s a good time for organizations to start purchasing a secondary computer for their employees too. Taking security measures a step further, Vincalek also says businesses should pre-define which Web sites users in the organization can go to.
Vincalek also came up with a list of five steps every business can take to help ensure it stays safe and secure.
First, Vincalek says businesses have to know what’s on their network by doing an inventory of all the devices. From there, businesses have to make sure the devices are patched to the latest level from the vendor. Businesses also have to figure out which kind of OS they have and create a company policy to define what’s acceptable and what’s not in the workplace and on the Internet. Educating employees about security should also be a priority for every organization. And lastly, businesses shouldn’t collect information that they don’t need, he advises. In fact, he says the less personal information that’s stored on PCs, the better.
“We’re heading into difficult times now because the economy’s going down,” Vincalek said. “But especially now, businesses have to be on the safe and secure side because if they happen to lose or get their information corrupted, they’ll just go down and potentially out of business that much faster. Partners have opportunities to help these organizations stay safe.”
