Saturday, January 17, 2009

What part is at risk?

What part of my business is at risk?

Although the Internet offers many benefits, using the Internet to do business can carry risks.
Because the Internet is designed to offer easy communication between individual computers, it opens up the possibility of outsiders breaking into your computer systems and stealing valuable information, such as credit card numbers.
Any information transmitted over the Internet can be intercepted at any point if appropriate security precautions have not been taken. This is particularly important where businesses are using broadband technology because of its continuous connection to the Internet.
Unauthorised users can take your data and disclose it, modify it, destroy it, sell it or post it on the web. They can hijack your homepage or your website, overload systems so customers cannot contact your company, shut down production lines and forward confidential staff details, personnel records and quality assurance reports.
As more and more people and businesses start using the Internet as a business support tool, a new range of security issues has been identified.
To help you determine your approach to information and system security, ask yourself the following questions.
What is most important to my customers, business partners and suppliers?
They are likely to require that:
• your information systems provide business data that is reliable and accurate
• systems that process data are available 24 hours a day, 7 days a week (i.e. 24/7)
• any customer or business partner information that is handled by the system is secure
• customer personal information will remain private and will not be shared with others
• financial data will be secured and not compromised, corrupted or destroyed
• systems are in compliance with any regulations requiring that critical business data will not be available or disclosed to unauthorised persons.
What security promises do I want/need to make to my customers, business partners and suppliers?
It is important to define what promises about information and system security you currently make or will make in the future to your customers, business partners or suppliers. Whatever you promise will drive your business projects and the levels of security needed to support them.
For example:
• If customers or business partners entrust their sensitive information to your care, you need to demonstrate that you can maintain confidentiality.
• If business partners depend on your availability 24/7, availability should be an important security concern.
• What are the implications for your business if a virus attack or a denial of service (DoS) attack takes you off-line for an extended period of time?
• Customer reliance on the accuracy of your data means you must have good data integrity controls in place. Can you currently detect an unauthorised access attempt to your system and can you gauge the impact this might have?
