The enemy within

13th October 1994
Page 51

These days many hauliers have a computer system to run their traffic management, accounts and invoicing. They presumably believe that potentially sensitive information is for their eyes only and reasonably thiefproof. This is not always the case...

Have you ever stopped to think just how vulnerable you and your business are to computer crime? Few hauliers do—until they become a victim.

Consider the facts. An unscrupulous employee who wished to set up on his own could, with the touch of a button, a few floppy disks and some unsupervised time, duplicate information about your clients which might have taken years to build up.

The threats do not have to come from hostile action. If the computer in your business didn't work, maybe because of a computer virus, how long could you continue to operate—weeks, days or hours?

The latest survey published by the Department of Trade and Industry, ICL and the National Computing Centre has shown that 80% of organisations in the UK have suffered a security breach in the past two years. The report estimates that the total annual cost of these incidents exceeds £1.2bn, which is a 12% increase on the previous survey's estimate, published in 1992.

Up to 25% of these security breaches involved significant or serious losses. The categories which had the greatest impact on networks included fraud and fires; viruses and theft are the most common breaches for PCs. Power failure is a major source of problems for all types of system.

The estimated average cost of a computer security breach was £9,361: one incident was a fraud costing 11.2m.

However, the cost of the breach is only calculated in 22% of incidents. The work afterwards—investigation and checking—is a far higher cost than many had anticipated; in some cases this cost more than the security breach itself.

The way to handle security problems effectively is to have contingency plans, but in 75% of cases with logical breaches there was a failure to observe the standards in the contingency plan. Such plans have to be tried out regularly and then adapted if they do not do the job.

The Computer Misuse Act encourages tighter security measures. Operators and their staff must be aware of the penalties; training and corporate standards are the keys to PC security. The problem here is that while more than 50% of the firms surveyed have a formal computer security policy, only 15% have a specialist security function. Although 59% of respondents have contingency plans, 40% of them do not test their plans regularly.

The greatest security risks lie in the growing use of personal computers, running alone and on networks—and statistics show that your own staff are more likely to cause problems than outside hackers. Contractors are another major source of security problems, especially when they aren't vetted effectively. Too much tends to be taken on trust, especially among smaller operators who are still getting used to computers.

Malicious

In a number of cases the problems were clearly due to malicious staff. When there had been a single theft at any of the companies involved, multiple thefts over a period of years tended to follow. In one case, a victim company claimed on its insurance policy. The insurance company then imposed penalties on the policy to discourage the customer from claiming again. As with truck theft, the haulier faces the cost of higher premiums, as well as the original crime.

An effective way of tackling security problems is to check out your staff, including any contractors who are working in your company. As with truck theft, the wise haulier doesn't sit back and assume he won't become a victim: protecting your database and accounts is as important as protecting your trucks.

by Neville Ian Ash

A code of practice on information security management is available from BSI publications, Customer Services, Linford Wood, Milton Keynes, MK14 6LE, phone (0908) 221166.

