About
Subscribe

How vulnerable is your company?

By Andrew Brown, Division Manager, Spartan Technology Rentals
Johannesburg, 12 Jun 2000

Have you ever wondered how your competition got hold of your customer database or suffered because your IT people tell you that they can`t invoice this month because the system is down? Can you be sure that Mr X who was fired last week or resigned yesterday has not taken your valuable company data with him?

How many of us who manage our IT infrastructure knows how vulnerable our company is to the loss of data due to theft (internal or external)? Bear in mind that loss of data, via theft, is not a physical loss - the company will still be in possession of the data, but so will others.

As part of its strategy, a company needs to consider its vulnerability to loss of data by performing a Company Vulnerability Assessment. Unfortunately to carry out such an assessment costs money. This has usually not been budgeted for and will require much effort and motivation to get it included in the budget. In fact in many cases it is only after a disaster has occurred that companies look at their vulnerability. For some businesses, where the competitive edge is measured in web years, this could be too late!

For a Company Vulnerability Assessment to be successful it is imperative that there is buy-in from the CEO, the Financial Director and other senior management in the company. Although not applicable in South Africa, in certain countries in the world, the Directors can be held personably liable for loss of corporate data, as it forms part of their responsibilities.

The starting point for such an assessment is to identify what needs protecting and to what extent (critical to the operation, complementary to the operation or ancillary). For example, a Customer Relationship Management Database is critical to a service-orientated organisation and could be very valuable to a competitor. It is therefore necessary to ensure that the data does not leave the company. Equally important is an accounts system that may reside on a server. If the network crashes during month-end, denial of access to this resource could seriously affect the performance of a company.

On completion of a preliminary evaluation at a strategic level of what data needs protecting it is a advisable to employ the services of an outside, specialised company to perform an analysis of your company`s vulnerabilities. They can advise as to what should be protected and the steps needed to be taken to achieve this goal.

Share

Editorial contacts

Andrew Brown
Dynamic Recovery Services