Cyber-security enters boardroom
By Nick Easen for CNN
Employee abuse has been identified as the greatest risk to business.
YOUR E-MAIL ALERTS
Follow the news that matters to you. Create your own
alert to be notified on topics you're interested in.
Or, visit Popular Alerts
HONG KONG, China (CNN) -- In the boardroom, security officers are getting a greater say when it comes to corporate decision making.
And it is not just due to the scourge of spam, viruses and cyber crime.
Doing e-business means a greater number of customers, partners and suppliers, and even government regulators need unparalleled access to corporations' computer systems.
"It's a very different security situation these days, where many of your insiders are not actually employees," Thomas Parenty of Parenty IT consulting told CNN.
"Many people from the outside now have a much better opportunity to do harm to you rather than just the random hacker who's just coming in over the Internet."
Firewalls, virus and spam protection are only part of the picture.
How to support an "always on" business environment, yet defend assets from cyber attack via the Internet, is now a major concern.
"If you have all your protection up-to-date it still doesn't allow you to answer questions such as are my customer financial records safe or are the designs for a new product protected from competitors," says Parenty.
According to the State of Information Security Survey 2003, a complex integration of technology, education, risk analysis, as well as corporate and government regulation are needed.
"In many parts of the world governments and many industry sectors are rolling out legislature and regulations that are imposing greater obligations on IT departments," says Simon Harriss of Accenture Consulting.
"This is clearly putting security on the CEO and CIO agenda."
Microsoft is also making security a top priority. The latest version of Office has new information management features for businesses.
Senders can specify who opens e-mails, make changes, forwards, or prints them. There is also an expiry function, after which no one can open them -- same for documents.
Company policy and the law is only just beginning to play its part in order to minimize cyber risk.
"There is a definite trend that existing laws are being specifically refined to cover the Internet," says David Ellis, a lawyer at Johnson Stokes and Masters.
"Its pretty rare for companies to have a snooping policy, although it is getting more common."
And with the rise in cyber threats Ellis believes employees need to be more aware of their rights and their company's e-mail and Internet usage policy.