With the rapid advancement of information technologies, IT security has become an essential condition for meeting financial obligations in business. Businesses and IT professionals show growing concern about the quality of IT performance and its impact on stability and continuity in all business areas. IT security has already become a top national concern, but businesses and enterprises gradually distance themselves from the global picture of IT terrorism.
Instead, more attention is paid to smaller but painful IT issues, including unauthorized access to private information, phishing, and the growing number of viruses and worms that threaten the stability of all computer systems in business.

Unauthorized access: one of the major IT security concerns

Restricting unauthorized access to private information is an integral component of effective IT functioning.
Given the role that IT plays in maintaining the stability and continuity of business performance, unauthorized access to confidential information can become the gateway to undermining the stability of all computer networks in business. “Unauthorized access entails approaching, trespassing within, communicating with, storing data in, retrieving data from, or otherwise intercepting and changing computer resources without consent” (Axner, 2001).
The problem is that the concept of unauthorized access is too broad and does not necessarily imply the existence of external threats. Very often, employees misuse their authorization rights, thus making computer systems particularly vulnerable to external cyber attacks. Here, the IT manager’s task is to guarantee that businesses comply with the basic legal requirements and to develop employee awareness of the risks and potential threats of unauthorized access.
Special attention should be paid to the passwords that employees use at the workplace: “there are numerous problems that can make password authentication a poor line of defense, including weak passwords, improper password storage, and passwords that are captured through social engineering techniques” (Axner, 2001). All these problems inevitably lead to unauthorized access to computer systems and can potentially compromise privacy and confidentiality in business (Axner, 2001). Unauthorized access provides hackers with unlimited phishing opportunities, making confidential financial information available for illegal purposes.
Phishing: the growing IT concern

IT managers are responsible for the storage and use of confidential financial data. The term “phishing” is used to describe “efforts to illegitimately gain access to banking and personal details” (Thompson, 2006). Employees and managers should be aware of phishing threats, which usually take the form of innocent-looking emails. A clear example of phishing is an email claiming that an employee has a problem with a specific financial transaction and requiring personal data (account numbers, passwords, and credit card details) to resolve the issue.
Other types of phishing involve emails that ask the recipient to verify some personal details or that contain misleading hyperlinks leading to pages where employees are asked to type in their personal information. As a result, IT managers are directly responsible for developing a whole set of preventive policies that will minimize the risks and threats of phishing in business. Phishing is a complex combination of technical subterfuge and social engineering, and IT departments are also responsible for installing and managing different types of anti-spyware software to eliminate these types of enterprise threats.
Phishing concerns can be addressed with the help of two integral technological instruments: blocking site access and preventing spam entry. Anti-phishing procedures require a reasonable combination of anti-spam and firewall solutions, combined with continuous education of managers and employees about the threats, signs, and consequences of phishing. As the manager of the IT department, I will pay special attention to what constitutes “employee awareness at workplace”, “preventing them from unsuspectingly creating a backdoor entry into the network” (Thompson, 2006).
Viruses and worms: IT threats in business

A virus is usually described “as an unwanted computer program designed ‘to infect’ and usually harm computer system” (Sandler, 2005). Viruses and worms threaten the stability of business performance by generating chain reactions and infecting an unlimited number of computers in one computer network. Viruses tend to damage files and web applications, and the Internet is the direct source of the major computer viruses and worms.
As the head of the IT department, my task is to protect all computer systems from external virus attacks. Preventive measures usually include regular virus scans, creating copies of the most important files, deleting suspicious web applications and files received from the outside, and restricting the access of unwanted emails to computers at the workplace. From my experience, viruses can remain undetected for days and weeks; meanwhile, the growing number of corrupted files or missing information may also become suspicious.
It should be noted that it is never possible to fully eliminate virus threats; moreover, IT security is never an end in itself. Rather, it is a long journey to business excellence that resembles a daily fight for each byte of essential financial information.

Conclusion

Unauthorized access, phishing, worms, and viruses form the list of the top IT concerns in business. IT professionals and IT departments are fully responsible for the quality of computer system performance at the workplace.
Firewalls, passwords, and legal compliance are integral components of computer security in business; these critical elements should also be supplemented by continuous employee education regarding the threats, the signs, and the consequences of external computer attacks. As the head of the IT department, I will pay special attention to developing employee awareness about the use of passwords and access to confidential financial information. Ultimately, whether enterprises are able to meet their financial obligations depends entirely on the success of our cyber policies in business.