Understanding The Role of Information Security In Brand Protection

It is vital that businesses understand the impact that inadequate Information Security (IS) can have it takes significant time and investment to build a strong brand.

Companies with a strong online presence, such as Internet banking, are now being targeted every day by 'phishing' attacks online crimes that use Spam and social engineering techniques to direct Internet users to legitimate looking websites but are in fact controlled by thieves. In the last twelve months all the high street banks have been victims of such online scams. Customers of e-commerce shopping sites such as Argos, Amazon and eBay have also been targeted in the same way. As a result consumers are becoming increasingly fearful of all online transactions and dealings.

It may be hard to believe, but at the click of a button one employee can destroy years of brand development employees accidentally, or even purposely, leaking confidential information via email can result in extremely damaging front page headlines. Most organisations fail to recognise that almost all of their confidential information sits in electronic format with around half of it stored within their email system. The very real threat is that this sensitive data can be sent from anyone in the company to anywhere and at anytime. Compliance regulation however, has forced many organisations to look at ways in which they can observe, monitor and report on network traffic and if necessary block such communication threats.

Furthermore, the last decade has witnessed a significant shift of focus with business responsibility and ethics now playing a much greater role in consumer behaviour. Exposés revealing that organisations have failed to prevent staff from spending hours surfing for porn or accessing hate websites directly impact the organisation and its reputation. Moreover, businesses need to be more aware of their duty to protect employees from exposure to offensive, hateful or discriminatory material. The UK is becoming an increasingly litigious society with the number of cases of employers being sued based on inappropriate Web and email content growing.

Firms call for action on wireless security
Manufacturers should design out security flaws

Major companies are calling for wireless product manufacturers to improve security standards and say vendors should not expect users to take on the burden.

International user group the Jericho Forum says one of its highest priorities is to draw up a set of wireless security requirements for suppliers.

IT security officers at last week's Infosecurity Europe conference in London told Computing that wireless manufacturers should design out security flaws before launching products, rather than push the responsibility onto customers.

'We have our own wireless security policies and standards, but unfortunately we have to use add-on technologies before deploying wireless,' said David Lacey, director of information security at Royal Mail.

'This is because the current out-of-the-box software doesn't provide sufficient security.'

Lacey says that the Jericho Forum, which he chairs, plans to create a white paper outlining corporate requirements.

Simon Norbury, head of IT at Westminster City Council, which uses wireless networks across London's capital to aid council inspectors in their job, has also called for an improvement in security standards.

'The wireless network is an extension of our council network onto the streets,' said Norbury.

'If, at any point, the public felt our wireless networks were insecure, then we could no longer have the confidence to move the use of this technology forward.'

BT, Cisco and Intel also announced that they are teaming up to educate businesses and users on how to prevent hacking into wireless networks.

The manufacturers have issued security guidelines and have agreed to support wireless security standards, including IEEE 802.11i and version two of WiFi Protected Access.

But Andy Goodman, information risk management head of projects at Barclays Capital, says wireless security practices need to be automated if security breaches are to be avoided.

Digital rights management technologies can also help protect sensitive data through encryption, he says.

'To make mobile security work a lot more fluidly, we need to stop relying on the user to do the right thing. For the end user it's a bundle of arcane rituals.' he said. 'The user is flawed, and doesn't understand security.'

What do you think? Email: convergenceplus@vsnl.net