Hackers talk their way into business computers
There has been a recent spate of events putting business computers at risk.
The scenario is simple: a business owner receives a call from a so-called technical support company, which claims that there is a problem with the computer system and that it can install some software to remotely check and resolve the issue. If allowed in, the callers then proceed either to add viruses or to hack into the system looking for confidential and financial information.
Does your business have the required policy in place to protect against any third party ‘intrusion’ into your business systems?
Every business should have a policy on allowing third-party access to its systems, whether remotely or on site. In generic form, that policy should look something like this:
The Organization maintains the security of its information processing facilities and information assets in relation to external parties. All external parties who need to access any organizational information assets are subject to this procedure. The organization has (or may have) external party agreements with the following categories of organizations, all of whom are covered by this procedure; risks may be assessed for external parties as individual organizations or as categories, depending on the level of risk involved:
a) Service providers;
b) Managed security services;
c) Customers;
d) Outsourcing suppliers (facilities, operations, IT systems, data collection, call centers, others);
e) Consultants and auditors;
f) Developers and suppliers of IT systems and services;
g) Cleaning, catering and other outsourced support services;
h) Temporary personnel, placement and other (casual) short-term appointments.
A risk assessment should be carried out and appropriate controls put in place. It should not be possible for a third party to repudiate any action or activity carried out, i.e. every action should be traceable and attributable at all times. Third parties should indemnify you against breaches of the Data Protection Act, the Computer Misuse Act and other acts, e.g. copyright. The policy should state clearly what they can and can’t do, with or without permission.
That is just a small example of an area that most small businesses, and some larger ones too, are either ignorant of or dismiss with the view that “it will not happen to me”. They rarely understand or recognise the need for a managed approach to IT Governance and Information Security.
For further information, contact Richard Harrison.