Protecting data: privacy and security
Security: hackers
Your organisation faces a range of security risks from other people, generally ‘hackers’ (more specifically, ‘black hat hackers’). The term ‘hacker’ refers to people who use or access computer programs or systems in ways that are different from the manner intended by the creator of that program or the organisation using that program. Some hackers just want to test their technical skills and knowledge; others share their results with the organisation they hack so it can improve its processes. However, some hackers use their skills and ability to gain unauthorised access to systems for nefarious purposes. These types of hackers are referred to as ‘black hat hackers’ (as opposed to ‘white hat hackers’, who use their skills for beneficial purposes).
Black hat hackers may try to directly exploit vulnerabilities they detect on your computer while it is connected to the internet. They may also try to leave malware on your website to infect visitors, and they may try to eavesdrop on your communications (for example, through the use of keystroke logging).
Securing your computer
Computers are designed with default settings to allow a very broad range of communications to take place across the internet. However, most consumers and businesses do not need their computers to communicate in as many ways, or in ways as complex, as computers are capable of. As a consequence, it is best practice that every home and office computer connected to the internet has a ‘firewall’ in order to reduce the amount of unwanted access, and to give the user control over what their computer does. A firewall is a technological barrier designed to prevent unauthorised or unwanted communications between computer networks.
Firewalls are created using either software or hardware. Hardware firewalls are used in big businesses and government agencies. Most small to medium enterprises will use software firewalls, which often come bundled in IT security software or embedded in the operating system.
The following well-known providers offer commercial security solutions and information.
The selection of hardware firewall devices for larger businesses requires expert advice from IT security professionals.
Securing your website
In addition to securing your computers, it is important that businesses and organisations try to ensure that their websites are not used to pass on threats to their visitors. This can occur when a hacker alters the coding of the website to include malicious code, known as ‘drive-by downloading’. For more information on what this involves, see the article Drive-by-Downloads.
It is important to emphasise your desire for website security to your website developers, who may otherwise build websites using products that have known vulnerabilities.
There are commercial services available to scan your website on a regular basis to check for malware and vulnerabilities. For example, VeriSign is one of a number of companies to provide a service that will scan your system for malware prior to issuing a trust seal to reassure your users (see the VeriSign Trust Seal).
In addition, most IT security software now includes services for rating websites you are visiting, and will advise you if the website has known vulnerabilities, or has been reported for illegal activities.
Securing wi-fi
Businesses, organisations and home users are increasingly using wi-fi (wireless) communications to link computers with routers. Wireless networks allow your employees and colleagues to connect online and with each other wherever they are within your office. It is important to ensure wi-fi security is enabled to reduce the likelihood of interception of your network by people who may seek to use your connectivity for inappropriate or unlawful purposes, or by people who try to access the information that you transmit via the network.
For some simple steps to wi-fi security, see http://compnetworking.about.com/od/wirelesssecurity/tp/WiFisecurity.htm