Is Your Dealership e-SecureWritten By Patricia S. Eyres
Article Date: 04-01-2005
Copyright (C) 2005 Associated Equipment Distributors. All Rights Reserved.
Tips for developing an effective, enforceable e-security plan.
Every dealership, regardless of size should have an easily understood, consistently enforceable policy to protect trade secrets, maintain the integrity and security of networks and servers, protect sensitive customer information, protect the organization from lawsuits, protect the integrity and reputation of the dealership, and ensure achievement and productivity. Security is everyone’s business. Spam and viruses are the most visible, but not the most significant security challenge. Fearing loss of valuable trade secrets and confidential company data, large and small organizations are installing firewalls to protect their networks. These firewalls will stop many, but not all of today’s hacker attacks.
Hackers can take advantage of holes in a network’s perimeter defenses. These points of attack are often created by employees who bypass protections by attaching modems to their PCs, setting up wireless access points without permission or downloading risky software, such as chat or file-sharing programs.
That’s why security is everyone’s business, and all managers and employees must understand the importance of following the dealership’s established security procedures. This is especially important when employees use laptops or work from remote locations.
Keeping your networks secure from hackers is just as critical to protecting your customers’ private information. Hackers target electronic databases of companies selling products on the Internet, because they often have a mountain of information from which identities can be stolen: names, addresses, credit card information, and other personal data.
Theft of customer data gets the attention of the media, and one company was hit with a class action lawsuit charging it failed to secure credit card information online.
In addition to the legal exposure and negative PR, it wasn’t helpful for future business development.
The consequences of insecure networks has prompted tough laws in several states, most notably California, which require any business that collects data from California consumers to immediately notify every person if there is a breach of security – from any source.
What about mischief and malice by employees and coworkers? In many ways, email is ideally suited to smuggling trade secrets and valuable company data out of your organization.
Leaks of important business plans can be embarrassing and costly, as Apple Computers learned when it was forced to speed up the launch of a new product due to a leak from inside.
And, intentional disclosure of secrets can cost a lot more. A scandal involving nuclear secrets leaked from the U.S. Department of Energy’s lab at Los Alamos underscores the security risks inherent in email.
Investigators found evidence that email was the critical component in the theft of top secret data about how to fabricate smaller nuclear warheads.
A comprehensive e-security plan should address internal threats that are as dangerous as attacks from outside.
Identifying internal threats is the first step. The combination of email overload and careless attachments is one risk; intentional stealing from internal electronic files by email attachment is quite another.
Whether accidental or deliberate, breaches of confidentiality can erode customer and employee confidence, cost jobs and devastate your organization.
Information security requires effective policies and consistent enforcement. It is imperative that all employees know and understand their roles in security. Following are strategies you can put into practice immediately.
Why Information Security?
Information security is designed to prevent unauthorized access or damage to hardware, software, and data. This encompasses misuse, malicious or accidental damage, vandalism, intentional intrusion, fraud, theft and sabotage to information resources.
The purpose of information security is to safeguard information resources. Information resources include all company hardware, software, and data in both electronic and hardcopy formats.
Excerpted from April 2005 Construction Equipment Distribution. For the complete article, email email@example.com or to subscribe, CLICK HERE.
[ TOP ]