Recently we reviewed the IT security systems for a publisher, who shall remain nameless, that had just undergone an audit by a CPA firm. The CPA firm overlooked a major hole in the publisher's management information system (MIS) security.
In our experience, 95% of security threats are internal (employees of the company) and 5% are external (hackers, viruses and worms).
ERP solutions that store data in encrypted files are relatively secure against external threats, provided that the external threat (i.e., a hacker) can't gain access to a user ID and password that allows access to the system and the user ID that allows access to the ERP software.
At this publisher, we found that although the internal systems were secure, managers who accessed the system's web site interface remotely were often doing so via systems that had expired internet security and firewall software or, in two cases, via laptops on which they had turned off the security software (as they said that it slowed their internet access).
With the security software on the external laptop turned off or expired, it would have been relatively easy for a hacker, perhaps using keyboard logging software, to obtain a copy of the user's user ID and password as he entered them.
IT managers need to review and secure external internet access with an integrated set of policies, procedures, software and hardware designed to protect the company's property and customers.
Tuesday, October 30, 2007