Personnel Today
  • Home
    • All PT content
    • Advertise
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Equality, diversity and inclusion
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Maternity & paternity
    • Shared parental leave
    • Redundancy
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
    • OHW Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • XpertHR
    • Learn more
    • Products
    • Pricing
    • Free trial
    • Subscribe
    • XpertHR USA
  • Webinars
  • OHW+

Personnel Today

Register
Log in
Personnel Today
  • Home
    • All PT content
    • Advertise
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Equality, diversity and inclusion
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Maternity & paternity
    • Shared parental leave
    • Redundancy
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
    • OHW Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • XpertHR
    • Learn more
    • Products
    • Pricing
    • Free trial
    • Subscribe
    • XpertHR USA
  • Webinars
  • OHW+

Personnel Today

Surviving a systems security breach

by Personnel Today 5 Feb 2002
by Personnel Today 5 Feb 2002

Having
effective software and monitoring in place, as well as a planned response to a
security breach are vital to protecting your company. Keith Rodgers reports

Security
experts advise organisations to plan well in advance for attacks by hackers and
unauthorised access incidents. But users face one big problem – they won’t
necessarily know they have been a victim of a security breach even after the
event.

Many
amateur hackers take pleasure in boasting about their exploits, often leaving
digital graffiti on websites. But the greatest risk comes not from
mischief-makers, but from malicious attacks and attempts to grab information
for gain.

In
these instances, the quality of the organisation’s monitoring software is
vital. It will determine whether the system administrator is even aware
security has been compromised. By building in alerts that warn of changes to
key data and attempted access, organisations can monitor user behaviour and
establish when an intrusion has occurred.

Experts
agree that reacting to attacks will mostly be dictated by effective planning.
Monitoring doesn’t just indicate an intrusion has taken place, for example – it
is essential to allow organisations to work out how extensive an attack has
been.

Simon
Owen, a partner in Andersen’s technology risk department, warns that one of the
most expensive elements of security is finding out exactly what occurred,
before the damage can even start to be repaired. If adequate monitoring wasn’t
in place, that process can be extensive.

Once
an alarm has been triggered, argues Mark Frear, head of enterprise portals at
SAP UK, it is critical to escalate the search. There has to be a clear
reporting path, mapped out in advance.

In
practical terms, most organisations will seek to establish how the security
system was breached as quickly as possible. It will act to prevent further
incidents, even if it  means taking some
systems offline. Establishing whether data has been compromised and
confidential information lost is also a clear priority. Again, those
organisations that planned for potential disasters by installing data back-up
facilities are the most likely to recover fast.

But
as Owen points out, problems don’t stop there. Dealing with the media may
become an issue for large organisations. Internal communications are essential
for all companies, particularly if individual privacy has been compromised.

Violations
could also have legal implications, especially in the UK where the Data
Protection Act and EU directive on privacy are hot topics. For regulated
industries such as financial services, explaining the nature of the attack and
the extent of any damage to the relevant authorities will be a time-consuming
and potentially costly exercise.

Most
organisations prefer to keep information about attacks under wraps, but vendors
argue organisations should make every effort to establish the source of the
hacking rather than focusing exclusively on remedying the problems.

Mike
Richards, CEO of Snowdrop Systems, recommends that organisations hire
specialists to track down the intruders – at least to establish how they gained
entry. It may also pave the way for future legal action.

For
the HR department, the custodian of some of the most confidential information
within an organisation, the message is clear: the speed in which an
organisation can recover from an attack largely correlates to how much ground
it has prepared in advance. That requires HR to work closely with IT to
establish what procedures need to be put in place.

Avatar
Personnel Today

previous post
SWT accuses RMT of ‘cynical disregard’ of passengers
next post
Compulsory arbitration is needed says SWT

You may also like

Five steps for organisations across the globe to...

8 Jun 2022

The Search for Talent: Six Major Employer Pitfalls

24 May 2022

Grants scheme set up to support women’s health...

16 May 2022

How music can help to ease anxiety at...

9 May 2022

OH will be key to navigating ‘second pandemic’...

14 Apr 2022

OH urged to be aware of abortion consultations...

8 Apr 2022

How coached eCBT is returning the workplace to...

8 Apr 2022

Why now is the time to plug the...

7 Apr 2022

Two-thirds of shift workers feel health affected by...

18 Mar 2022

TUC warns of April Covid risk assessment ‘confusion’

14 Mar 2022
  • NSPCC revamps its learning strategy with child wellbeing at its heart PROMOTED | The NSPCC’s mission is to prevent abuse and neglect...Read more
  • Diversity versus inclusion: Why the difference matters PROMOTED | It’s possible for an environment to be diverse, but not inclusive...Read more
  • Five steps for organisations across the globe to become more skills-driven PROMOTED | The shift in the world of work has been felt across the globe...Read more
  • The future of workforce development PROMOTED | Northumbria University and partners share insight...Read more

Personnel Today Jobs
 

Search Jobs

PERSONNEL TODAY

About us
Contact us
Browse all HR topics
Email newsletters
Content feeds
Cookies policy
Privacy policy
Terms and conditions

JOBS

Personnel Today Jobs
Post a job
Why advertise with us?

EVENTS & PRODUCTS

The Personnel Today Awards
The RAD Awards
Employee Benefits
Forum for Expatriate Management
OHW+
Whatmedia

ADVERTISING & PR

Advertising opportunities
Features list 2022

  • Facebook
  • Twitter
  • Instagram
  • Linkedin


© 2011 - 2022 DVV Media International Ltd

Personnel Today
  • Home
    • All PT content
    • Advertise
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Equality, diversity and inclusion
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Maternity & paternity
    • Shared parental leave
    • Redundancy
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
    • OHW Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • XpertHR
    • Learn more
    • Products
    • Pricing
    • Free trial
    • Subscribe
    • XpertHR USA
  • Webinars
  • OHW+