Are Your IT Systems Secured?

The information needs of today’s society are greater than ever, and this hasn’t escaped the notice of hackers and other unscrupulous individuals. Names, addresses, bank accounts, credit card numbers and entire identities are at risk as more and more people send them electronically through the information superhighway. This article covers some of the usual weaknesses in a business’s IT system.

Vulnerable to Malware

About a quarter of a million pieces of malware are known, and almost 10,000 web pages are infected by hackers all over the world. Even big and well-known websites of reputable companies are hit by malware every now and then. A malware infection usually gives the hacker access to sensitive data, data that you might not want other people to see. Even if the infection doesn’t allow direct access, it will nevertheless exploit other weaknesses in your system, and that’s just as bad.

Malware often finds its way into a computer through emails or infected files spread via portable storage devices like flash drives. The easiest way to counteract this is to install antivirus/anti-spyware/anti-adware software on all the computers and terminals that have access to the secure areas of your system. Many antivirus providers offer business packages which are usually more effective and cheaper than the standard edition.

Knowing how malware gets in, you can also limit the ways it enters your system. Some companies and organisations have already modified their email clients to accept only text emails, not HTML emails. Doing so greatly reduces the threat of malware carried by unknown emails, because the malicious code is often hidden in a chunk of HTML or in an executable file.

Query Exploits

Many hackers have already found that exploiting vulnerabilities in website forms can be just as effective as sending out malware attacks. Hackers have found ways to exploit certain limitations of online forms, giving them names, passwords and, ultimately, access you don’t want them to have.

One of the most common exploits for online forms is unvalidated input. Given a certain online form, such as one that asks for an address, a hacker could enter commands (such as ones in JavaScript) that could give him/her access to secure data. Another common and much easier one is a buffer overflow, wherein the hacker inputs more information than the buffer can handle. By overflowing the buffer, the hacker could gain access to the application server and, consequently, all the data that the server handles.

Exploits such as the ones above are best prevented with a watertight webpage design. Stay away from older languages like C++ and try exploring the possibilities with ones like .NET or Java. The latter two are less vulnerable and are less likely to fall prey to an attack. If forms or any other type of user input are included in your website design, make sure to include explicit limitations, such as x number of characters for the address or strictly numeric characters for the zip code field.
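One way to enforce the explicit limits described above on the server, shown as an added example that is not part of the original article. The field names, the 100-character cap, the 4 to 10 digit rule and the allowed character set are assumptions chosen for illustration, and the sample submissions are constructed.

```python
import html
import re
import unicodedata

# Assumed limits for this example; the article only says "x number of characters".
ADDRESS_MAX = 100
ZIP_RE = re.compile(r"[0-9]{4,10}")              # ASCII digits only, bounded length
ADDRESS_RE = re.compile(r"[A-Za-z0-9 .,'/#-]+")  # allow-list: no < > " ; or control chars


def validate_form(form):
    """Return (cleaned, errors) for a dict of raw form fields, checked server side."""
    cleaned, errors = {}, {}

    # Normalise first so look-alike characters (e.g. full-width '<') cannot slip past.
    address = unicodedata.normalize("NFKC", str(form.get("address", ""))).strip()
    if not address:
        errors["address"] = "required"
    elif len(address) > ADDRESS_MAX:
        errors["address"] = "too long"
    elif not ADDRESS_RE.fullmatch(address):
        errors["address"] = "invalid characters"
    else:
        cleaned["address"] = address

    zip_code = str(form.get("zip", "")).strip()
    # [0-9] matches ASCII digits only; str.isdigit() would also accept other Unicode digits.
    if not ZIP_RE.fullmatch(zip_code):
        errors["zip"] = "must be 4-10 digits"
    else:
        cleaned["zip"] = zip_code
    return cleaned, errors


def render_address(address):
    """Escape on output as well, so stored text is never interpreted as markup."""
    return "<td>" + html.escape(address, quote=True) + "</td>"


# Constructed sample submissions (not from the article).
SAMPLES = [
    {"address": "12 Queen St, Auckland", "zip": "1010"},      # accepted
    {"address": "<script>alert(1)</script>", "zip": "1010"},  # markup rejected
    {"address": "A" * 5000, "zip": "1010"},                   # oversized rejected
    {"address": "12 Queen St", "zip": "10a0"},                # non-numeric zip rejected
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(validate_form(sample))
```

Limits set only in the browser (for example an HTML `maxlength` attribute) can be bypassed by sending the request directly, so the same checks have to run on the server as they do here.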

The most important thing to remember is that the security of your IT system is and should be an ongoing process and not a one-time event.  As technology becomes more developed and the hackers become more sophisticated, so should you and your system.
