Addressing the lack of e-confidence

Network security has hit the headlines again, following a number of high profile online security breaches.

Barclays, for one, recently upgraded the software on its e-banking site, but when the application came online earlier this month, users were able to see other customers' account details. In a similar incident, PowerGen left vital customer details, including credit card account information, on a section of its site that wasn't covered by the firewall.

Barclays has since reopened its online banking service, but has reverted back to using its older software, while PowerGen has reviewed its security practices. Such incidents stay in the public consciousness, however, and inevitably cause a lack of confidence in internet-based services.

But the fact that such easy-to-spot security problems were missed at all, proves that network managers do not simply need to invest in the latest tools. They also need to be aware of possible breakdowns in basic security processes.

Such vigilance becomes particularly important as more bricks and mortar companies move elements of their business onto the internet and the number of online services such as e-banking and ecommerce continue to increase. But the recent much talked about incidents highlight the fact that organisations are still finding themselves subject to easily avoidable errors.

And worryingly, a Mori poll conducted for the National Consumer Council (NCC) found that consumers' lack of confidence in online security is seriously hindering the take-up of ecommerce in the UK.

Online doubts
Anna Bradley, director of the NCC, said: "It is especially worrying that internet users are more, not less, likely to harbour doubts about shopping online. For instance, almost four out of 10 adults see the need to release credit card details as a major disadvantage of internet shopping. Among internet users, more than half feel the same way."

Malcolm Skinner, product marketing manager at security vendor Axent Technologies, said that simply implementing security systems is not enough. There is also the need for a firm set of security guidelines. "Look at PowerGen and the recent security problems. Putting the technology in place is all very well, but it falls down if there isn't a good policy behind it," he said.

Piecemeal security
Sandra Baccari-Edler, a research analyst at IDC's European business infrastructure and technology services unit, warned that companies with piecemeal security in place are both at risk from hackers and are putting themselves at a disadvantage to competitors.

"Companies are putting up walls or filling in holes and are not building a secure environment based on a cohesive, holistic security policy," she said. "If ebusiness in Europe is to be successful, this approach will have to change. Security needs to be incorporated into a corporate culture, not treated as an add-on.

Bradley said that a company's reputation was all-important to users who want to know that their private information will remain secure because their faith can be shattered by a single security breach.

"Consumers try to minimise the risks by shopping from online channels run by established, well-known brands and retailers. Of internet users, 28 per cent say they would look for a recognised brand name, while 22 per cent would feel safer shopping on the site of a high street retailer," she said.

Virus education
Jack Clark, European antivirus (AV) product manager at Network Associates, said that the same situation is true of viruses, and that network managers have to do more than just update their AV software to ensure their systems are safe.

"If you look at any vendor's virus alerts page, you'll not only see links to the latest driver files, but quite often to a patch released by a software company to close yet another hole in one of its applications. We have to get the message across to end users and system administrators that updating your AV software is not enough. It may stop you getting infected, but it won't necessarily stop you from being affected," he said.

Graham Cluley, senior technology consultant at AV vendor Sophos, said that developing a security policy has to involve educating staff as viruses such as the Love Bug prey on people's inquisitive natures. "The temptation to open a 'love letter' or a 'joke' is hard to resist, but this is the age of the mass emailing virus, when the consequences of letting your guard down can be significant and widespread," he said.