One of the greatest fears of any business relates to the ability of hackers and ex-staff to obtain access to their computer systems, steal their intellectual property and cause significant commercial damage. I recently attended a conference in Washington on electronic communications and large parts of the sessions were dedicated to the issue of cyber security.
Presentations were given by the FBI, Homeland Security and CIA who all confirmed the prevalence of cyber-attacks. One notable point was that many attacks are not directed at the central systems of businesses. Hackers have found that these systems are often quite well protected by firewalls. The attacks, however, are directed at peripheral apparatus – laptops, mobile access devices and remote access computers. Hackers have found that these devices are far less protected and once infiltrated provide a clear and open line to the central business.
From a legal point of view businesses must ensure that they have in place strict policies in relation to the use of these peripheral devices to ensure that these devices are as protected as their central systems. Things as simple as the length and strength of passwords have been found to be very important in deterring hackers, policed policies in relation to which machines are able to be utilised to obtain remote access, utilisation of both password and question based login access, for example, what was the name of your first pet are all found to have a significant impact upon accessibility to your systems.
In Australia the Australian Defence Signals Directorate has affirmed the utilisation for particular IT methodologies to prevent unauthorised access. It has compiled a list of over 30 actions. That list can be found at http://www.asd.gov.au/publications/Mitigation_Strategi es_2014.pdf.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
