Whodunit?

By Andrew Cairns, Projects Manager, PDMS

Don’t worry, I am not about to bore you with the classic 1970s 'whodunit' board game Cluedo, where all the family aspired to be budding detectives. Its purpose was lost on me at the time, but through a series of rolls of the dice and reading of cards you had to establish whether it was Colonel Mustard in the Library with the Candlestick, or Mrs Plum in the Dining Room with the Knife. I am, however, going to discuss something similarly boring (or is it?): security!

We are all familiar with security. We lock the car at night (don’t we?), our doors and windows are fitted with adequate locks, some even have alarms, and we have passwords for our online accounts and PIN numbers for that magic hole in the wall that gives us money. The same applies to our business lives: we have security passes and key codes, passwords and the like to help us with our day-to-day business activities. Sometimes these have been known to be written down on Post-it notes and affixed to monitors so that they aren’t forgotten! But that particular faux pas aside, do we really know what the security risk is to our business?

Occasionally we hear stories of how the security of business systems has been compromised, with the acquired information made public or used against the business for other profitable means. But have you ever thought how many of these security breaches come from within?

Let’s look at things a little closer. As our economy becomes more global so does our workforce, which brings with it the challenge of taking up references and vetting people’s career history. Do you always really know who you are taking on and what secrets they may have in their past? I’m not suggesting for one minute that people who are not local are not trustworthy, far from it, but it does make validating references and taking up security checks a little more difficult, which is why over the last 20 years or so specialist agencies undertaking this type of service have come into being.

Looking closer to home, and in particular in the office, what risks are there to your business in terms of information security? We nearly all have employee records, client lists, and product and service development details. If any of these details suddenly ended up in the press, on the web or in your competitor’s hands, how could they have got there? Your business systems could have been compromised, but the risk of that happening is fairly minimal, isn’t it? Or an employee could have genuinely mislaid a document whilst out on business. But let’s be a bit more sinister in our outlook; let’s say that this leak was deliberate. How could it have happened?

The simplest method is a photocopy of a document or a printout of a file, taken out in a lunch box, briefcase or handbag. It could have been a file sent by email or even uploaded to an internet discussion board. All of these are probable methods, but access to certain websites can be blocked, as can certain email functions; in some instances print logs are kept, and most businesses record outgoing mail.

So what other means are there? Well, in my hand at the moment I have a little piece of plastic which measures approximately 3cm x 2cm, costs about £30 and is capable of holding 256Mb of data. It fits nicely into a slot in my laptop computer. Next to me on my desk I have a phone which can download information from the same laptop via an infrared connection, whilst the laptop itself is capable of writing CDs, which are much easier to carry than printed matter (except they don’t fold all that well!). In addition to all of this, there are phones in the business which have 1 megapixel cameras incorporated into them, and PDAs/XDAs which can hold a substantial amount of sensitive business and personal data, all of which are taken away from the business on a daily basis.

Consider that in the late 60s, before all this technology was commonplace, the Russians produced Concordski, a direct replica of the Anglo-French Concorde. It even included wrongly drilled holes in the airframe, the same as early prototypes of the Anglo-French Concorde. With the above in mind, ask yourself this: if espionage can happen on such a large scale, “how secure is my business?” It may well not be Colonel Mustard or Mrs Plum who commits the next crime, but it may well be that nice man in accounts, or that new bod in the mail room, or it may even be someone’s mislaid mobile phone!

There is, however, some good news amongst all of this gloom. An increasing number of companies and government organisations (including PDMS, Manx Telecom and the Isle of Man Government) are working towards the internationally recognised security standard BS ISO/IEC 17799 / BS7799. This standard requires an organisation to take all of the above issues into account and manage them accordingly. Furthermore, in order to be awarded this security standard, organisations have to undergo auditing of their internal security processes on a regular basis by an accredited third-party organisation such as Lloyd’s Register Quality Assurance.

So how safe is your data when it’s with a certified organisation? Safer than it is now!









