Organisations must take steps to guard data

As recent media scrutiny of Facebook's breach of privacy has highlighted, the biggest challenge facing UK businesses today is IT security.

As recent media scrutiny of Facebook's breach of privacy has highlighted, the biggest challenge facing UK businesses today is IT security, writes Graham Fern, MD of

As a business becomes increasingly reliant on the data on its systems, it faces ever-increasing threats to the network and data integrity, and this will continue to rise as long as the need for more efficient technology rises also.

We all pick up on issues in the media regarding internet usage and the security of our electronic data that we store or transmit to third parties, and these perceived issues are almost the same, it's just the scale of the solution that differs and therefore the cost.

It seems today many users are complacent about their computer security needs, as they become too reliant on the services and advancements of the technology world to protect their data.

Computers and data will always be at risk if you don't take reasonable steps to protect it. Would you leave the front door to your house open or unlocked whilst you were out for the day? Of course not, but this simple analogy holds true to computers and systems at risk if you leave the door wide open.

Some simple steps will effectively reduce the risk to an acceptable level. However, a committed burglar will gain entry in to your house despite what measures you take, unless you spend an extraordinary amount of money on your security systems and even then there are no guarantees. So to protect our data, we must accept a small amount of risk without spending very large amounts of money, and unfortunately the risks are quite real.

The use of professionally written, intelligent, extremely powerful and well-executed viral code is becoming widespread. Infections today are less openly destructive than they used to be as the writers now know that they can extract useful and valuable data that has financial worth, like credit card details. Infected machines have allowed these unscrupulous people to undertake money laundering, fund terrorism and other criminal activities. These attacks are not just limited to small time ad-hoc efforts but they can be streamlined targeted affairs for a particular purpose.

As an example, during the recent American presidential elections, unsolicited e-mails with convincing subject matters where directed at party members involved in the campaign in an attempt to quietly infect the users computers and capture all their e-mail traffic and data contained within the PC. One can only imagine what that type of data could be worth to the highest bidder. So this type of criminal activity is rapidly becoming mainstream, the number of detected viruses over the past two years is almost equal to all the viruses detected since they started recording such information.

It doesn't stop there. Mobile devices like phones are the latest target. Infected phones can be controlled without the owner knowing. This can include turning on the microphone remotely to listen in to conversations in a board meeting, turning on GPS and tracking every movement and reading text and e-mail messages.

Read more on IT governance