Do
you remember the good old days? Innocent times spent sharing
documents and executable
files without a care in the world. Okay, every month or so
you might encounter a boot
sector virus — but they were easy to deal with even if the
anti-virus software didn't pick them up.
But
those long lazy summers disappeared too fast. Macro
viruses made Information Technology (IT) administrators
grow up fast as they realized there was a type of virus which
could spread very quickly throughout an organization. It wasn't
unusual to find hundreds of computers within personal company
infected by viruses transmitted via email attachments. The
IT staff were amongst the fittest departments in your company,
running from Personal Computer (PC) to the next cleaning them
up.
There
had to be a better way. Companies now realize that viruses
aren't "urban myths", and can have a serious impact
on their operations. They invest in anti-virus software on
the desktops, servers
and email
gateways
and even put in place procedures to ensure their anti-virus
is up-to-date with the very latest detection routines.
It
sounds like companies have put in place adequate defenses
to protect against viruses. But have they?
Anti-virus
software detects most of the viruses your users are likely
to encounter — often without the user even knowing. However,
the software must be updated regularly, preferably daily in
any large company. Even then, a very new virus can infect
your users. With the rapid transmission
of files through networks and the Internet, a virus can spread
a considerable distance before it can be identified and protected
against. Fortunately, only a few viruses ever do this but
the likes of Melissa
and the
Love Bug can inflict
serious damage before their progress is stopped. Whilst employees
become suddenly aware during the ensuing media excitement,
they soon forget about the virus threat as the stories disappear
from the news headlines.
This
is the danger. Complacency
can set in when there is no perceived "action" on
the virus front with no global crisis, and the importance
of being vigilant about viruses recedes
in your users' minds. They forget what the big deal was in
the first place — after all,anti-virus software deals
with the viruses, doesn't it? And isn't it the IT department's
job to look after this sort of thing?
Before
you know it your users are opening unsolicited
attachments once more, downloading unauthorized
software, and putting your company's data and credibility
at risk. All because the users think that they are working
in a safe environment. Employees see anti-virus software,
firewalls and IT departments as guarantees that their computers
will work and be safe. Of course, there aren't any guarantees.
Anti-virus software plays one, albeit
important, part in the defense of your company from malicious
attack but the security of your computer system is only as
strong as the weakest link. And that, more often than not,
is the human factor.
No
employer wants to come across as a killjoy
or an ogre.
Most will willingly accept that the happiest employees are
those who feel that they are respected and trusted by their
employer. Many companies accept that employees will send and
receive a certain amount of personal email and make the odd
personal telephone call.
However,
the worry comes when employees start risking company security
in pursuit of personal amusement. Funny screensavers
and games downloaded from the Internet can seem harmless enough
but they could easily be harboring a dangerous virus.
Software
downloaded from the net is often unlicensed
and unsupported, and may cause conflicts with existing software
in use at your company. Unlicensed, pirated
software is an ideal vector
for a computer virus. Virus writers and hackers
often use such software as the ideal "kick-start"
for their virus distribution.
It
is vitally important that employees be educated about the
virus threat but this cannot be a one-off
event. The potential threat should always be in the back of
an employee's mind and precautionary
measures should be taken as a matter of course. There is no
harm in reminding people about what could happen if they let
their guard down. In the end, education is the key to a virus-free
environment and this is a continual process. It may not be
the most exciting thing on the agenda but it works.
The
lesson is simple. You can have the best software in the world
protecting your company's defenses; you can even be the biggest
IT company in the world; but without your users practicing
safe computing they will always be the weakest link.
↑TOP
(761
words)
|