Backing-up all files is an approach that will protect not only against attacks from viruses, but from all other threats to a system’s integrity, if it is done correctly. If, for instance, the back-up files are kept in the same building as the original files, then physical security aspects have not been taken into account and both sets of data could be lost in the event of fire, earthquake, flood etc. There are many different methods that can be employed to back-up files. A common method, particularly when databases are involved, is to store or ‘dump’ the database on to a secure medium at regular intervals. Between these intervals, a record of every transaction that affects the system is also stored. If failure occurs, the combination of the saved database and the log file can ensure full system recovery.
Other methods include the ‘grandparent-parent-child’ process which involves saving a file’s predecessor when one file is used in the creation of another. A less complex method simply requires data files to be saved on to a secure medium, such as tape reels or magnetic disks. Access controls is an approach that can reduce the risk of virus attacks. Through only allowing authorised users certain privileges, such as adding, modifying and deleting data on the system, it makes viruses less of a possibility and also makes the source of the infection easier to identify.
Authentication of users can take the conventional form of requiring passwords to enter the system/certain parts of the system, or a security device such as an identification card. As technology improves, however, the possibility of checking an individual’s personal characteristics, their voice or fingerprints for instance, could become a reality in the field of access controls. When an organisation wishes to safeguard its data and systems against attacks from viruses, installing anti-virus software is advisable as it will provide a measure of protection and the costs are minimal. This alone, however, is unlikely to be enough to fully ensure the organisation’s data security. Some form of back-up is without doubt a large expense but also almost vital to a large number of organisations, as it protects not only against virus attack but many other, if not all, threats to security.
More specific to the threat of viruses, employing access controls of some kind is recommendable because of the reduction in risk and with the more simplified means, passwords for example, being relatively inexpensive. Another threat to an organisation’s data and systems that has become prominent in recent years, due mainly to the rise of the Internet, is being ‘hacked’.
Peppard (1997, p.168) defines hacking as “the term coined to describe intruders gaining access to a computer system through the telephone network.” He continues to comment that this is most commonly done by contacting a computer system/network and then gaining “access to programs and data by infiltrating the password controls.” Hacking is a particular concern to firms who provide dial-up access to employees, maintenance engineers or other third parties, such as customers and suppliers. In today’s society, a vast number of organisations have to deal with this threat as their operations revolve largely around the Internet. Indeed, there are some firms which operate solely online, such as Amazon or E-bay.
There have been numerous high profile hacking incidents, including the Government’s website being entered and the modified, along with more serious cases involving using people’s credit cards or online accounts for fraudulent purposes. Organisations are aware of the threat of hackers and know that if they have sensitive data, they become a target. There are various ways to protect against this threat, depending upon the requirements of the firm. A somewhat outdated method is for the user to carry a piece of hardware which can be used for authentication. Another method is to simply eliminate dial-up access within the organisation’s systems, but this would be too radical and almost unworkable in the majority of organisations today.
A more viable process is to establish dial back procedures, which involves the operator/computer dialling back the person attempting to gain access. This ensures the reliability and security of the person attempting to enter the system, and although it is not fully foolproof, it is highly recommendable. For organisations dealing with money online, banks or retailers for example, they must be able to guarantee the safety of their client’s money. An improved version of the hypertext transfer protocol (HTTP) known as secure-HTTP (S-HTTP) is used to ensure the safety of sensitive messages passed over the Internet. It employs encryption techniques in order to code the data being sent, and when used in conjunction with secure sockets layer (SSL), which can encrypt the whole communications channel, this technique is extremely reliable.
There are, of course, many more threats to an organisation’s system and data in the modern, I.T. driven world. There are those created purely by the faults of computers, such as failure or breakdown, which have to be planned for, and there are physical threats, natural disasters or caused by humans for instance. All these varying threats must be carefully considered in order to completely ensure all systems and data is secure within an organisation. It must be noted, however, that it is extremely unlikely and very difficult to completely safeguard a system from all possible threats to it.
References
Anon, 2002. Security – Firms Forced to up Security Ante. Computer Reseller News [online]. (26) 21st December. Clapperton, G., 2002. Business Solutions: Eagerly Awaiting the Next Big Thing The Guardian [online]. 20th December. Clifton, H.D., Ince, D.C., Sutcliffe, A.G., 2000. Business Information Systems. 3rd ed. London: Prentice Hall. Curtis, G., Cobham, D., 2002. Business Information Systems: Analysis, Design and Practice 4th ed. London:Prentice Hall.
