January 19, 2009

Sounding Board
Written By Jonathon Narvey

Businesses can do a lot to protect consumers’ private data from cyber criminals, says Pacific Coast Information Systems Ltd. (PCIS) president Vaclav Vincalek.

“Technology solutions already exist for corporate Canada to stop the hackers,” Vincalek says. “As it stands right now, not enough companies are using them. They may want to do something to protect their clients and themselves, but just aren’t sure how to do it. In the meantime, it’s making the entire Internet a very unsafe tool for any computer user.”

A national survey from CA Canada showed more than 20 per cent of enterprises reported a loss of private data as a result of security attacks and breaches, up from 10 per cent two years ago. Intellectual property losses doubled from 2006 to 2008. “Clearly, corporate Canada can do more to ensure information is secure, whether it’s their own information or their clients’ information,” Vincalek says.

Vincalek suggests the following helpful tips for improving web security:

Get a web security audit to check your website or web application for vulnerabilities. Firewalls and virus scanners are not effective against up to 75 per cent of hacker attacks, which are aimed at the web application layer. The web audit will find the vulnerabilities the hackers could use to steal your clients’ information.
Get a report on the vulnerabilities that are found and see if your web application is compliant with the dozens of regulatory regimes that govern web security. Companies that provide web security audits may be able to provide this report to you directly.
Understand the web audit report. It’s not necessary for the average business owner or manager to go through every line of a web audit report. But your in-house IT department should be able to tell you what the report means and how to fix the problems. If the report doesn’t include suggested fixes and you don’t have the in-house IT capability to fix vulnerabilities on your own, the company that provided the web security audit may be able to provide experts to help you understand the issues.
Fix the vulnerabilities. Conducting a web audit that discovered problems and then ignoring the results is like failing a building safety inspection and continuing to run your business out of the condemned property. Doing nothing could make you extremely liable for any security breach. Again, if you don’t have the in-house IT expertise to fix the vulnerabilities, the company that provided the web security audit should have consultants available to help you fix them.

For more information about web security solutions for business from PCIS, visit www.pcis.com.
Reprinted with permission.