The rising threat of pandemics

31 Dec 2009

As well as the odd computer virus, businesses need to have plans in place for the threat of a flu pandemic.

Until a firm suffers a security breach, often they view spending on IT as a cost rather than as an enabler and take the easy option and scrimp on putting in place the right anti-virus software and other tools to keep precious data safe.

However, says John Ryan, managing director in charge of security at IT services firm Calyx, this is not a wise option. Calyx provides IT support and services to thousands of businesses in Ireland and the UK, including SMEs, corporates and government departments.

“Many business owner managers look at security as an insurance policy in case something happens. The other point is that security should be seen as an enabler to allow people to work securely remotely.

“For example, there is a potential pandemic coming during the autumn and winter months. Large organisations are looking at ways to deal with this, such as who can work from home. There are certain jobs that can be done remotely and a lot of office functions that can.”

But, Ryan warns, many Irish organisations aren’t taking steps to protect themselves.

“This goes back to an odd Irish mentality around home working. In the UK the opposite is the case, where many people work from home and go to the office only for the weekly or monthly sales meeting. They are measured more for their job performance than their attendance records.

“In many Irish companies many people can’t do this because of security and the firewall. But if they address the issue they can turn security and remote working into an enabler for the company and the employee.”

Calyx provides a cloud computing service that is capable of allowing any laptop that is connected to the internet to have secure access to the company network.

“This is an SSL (secure socket layer) virtual private network (VPN) technology. The good thing about it is that companies don’t have to invest in hardware; it’s all built into the service.

“SMEs can use the technology to take advantage of people’s ability to work from home via broadband and provide the same level of service and security that most large enterprises enjoy.”

But there is also the danger of companies that do encourage staff to work from home but don’t invest in the right security technologies. “Many of these companies fool themselves into thinking they have all the bases covered. They don’t make sure that staff are using the right anti-spam technologies.”

Ryan points to technologies from Trend Micro and Websense that ensure that all email is routed and cleansed before it gets to the customer. “SMEs don’t have the resources to implement advanced technologies themselves and don’t want the headache of managing them.”

The propensity for small companies not to invest in IT security is a worrying trend and Ryan says many SMEs fall into the trap of thinking hackers are only interested in attacking larger, better-known organisations.

“According to research conducted by Visa, 80pc of all hacks in the past year were carried out on merchants that typically carried out fewer than 20,000 online transactions per year. That could be your typical hotel or small business on the internet.

“Hackers today are looking for easier targets to attack. Another area of choice target are companies that use shared services. If 10 businesses are running on the same server in a co-location centre, they too are easy targets.”

Ryan said the changing nature of IT security – where a perimeter no longer guards the physical network because of the proliferation of smart phones, laptops and memory sticks – means that businesses are at risk of data loss and reputational damage and not just financial theft.

“More than 600,000 laptops were lost or stolen in airports last year. Stuff is getting out there. Imagine if you had 20,000 customer transactions sitting on a USB stick or someone decides to take customer data off-site and onto their iPhone and it goes missing.

“The problem tends to be centring on the large organisations like banks and public sector bodies that lose laptops, but the problem is actually widespread.

“Firms will need to be more vigilant around where information goes and there is software available to ensure that certain classified documents don’t leave the building or the network on any external device or drive.

“Firms also need to beware of malware, spam and viruses, not just the medical kind,” Ryan warns.

By John Kennedy

Photo: John Ryan, managing director, Calyx.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years