Preventive measures

Feb 6, 2004

I know you’re tired of hearing about Mydoom or Novarg, or whatever it is; so am I

Unless you’ve been tinkering with the rovers on Mars and are just now returning to this planet, you’ve likely had your fill of the stories of the latest worm. And unless you’re running SCO’s Web site, you probably have had little more than inconvenience as a result of that fast-spreading worm.

Sure, it slowed down the Internet and generated prodigious quantities of e-mail traffic, but if you had already protected your enterprise properly, the biggest impact you felt was the constant stream of news stories in the mainstream media.

We don’t want to inflict any more of that on you, so I’m not going to write about the recent worm. It’s already history, and you’ve got the satisfaction of knowing that your enterprise got through the epidemic just fine.

That’s important, because it’s easy to focus on the issue of the moment, and lose sight of the fact that in spite of the worm, other security threats are more important.

For example, the Mydoom worm didn’t have any effect on your need to keep your internal network secure from breaches within your organization as well as from without. It didn’t affect the need to make sure your physical security is up to snuff. And it didn’t diminish the need to make sure your anti-virus practices remained in force, since all those other worms and viruses are still out there, waiting to break into your network.

And of course, the worm had no effect on all of the other myriad duties you have on your plate. It just added a new distraction — and a new temporary duty — while you’re making sure your management knows that yes, you’re already prepared for the threats that you actually anticipated and prepared for months ago. That’s perhaps the biggest downside of an attack like the one we just had — that people who normally pay no attention to your network security (and most likely resent it) are suddenly experts for a day who want to look over your shoulder while you do your real job.

After all, it’s your real job that kept your company secure during this wormy week. Rather than dropping everything and clamoring about the worm-of-the-moment, you’ve taken a risk-based approach to your enterprise network. You know what you need to do to prevent nearly anything from bringing your network down, and you’ve already done it.

You’ve made sure your firewalls are in place, your operating systems reasonably up to date, your policies enforced, and your employees trained. You have personal firewalls where you need them, VPNs to the outside, and internal firewalls protecting the spots where there’s sensitive information or perhaps just a division of responsibility.

The nice thing about such an approach is that it’s unlikely that any single event can do a lot of damage. A rogue employee can get to her own information, for example, but she can’t get to the customer database without authorization and without passing through the internal firewall. A worm that arrives on a computer infected while it was being used in a hotel can’t spread because of internal protections. A hacker can’t really go anywhere even if he does manage to break in.

An even better thing about such an approach is that it’s proactive. You don’t have to go to battle stations at the first sign of a new worm. You already know that your network is protected and that you just have to keep an eye on things. That’s probably the best benefit of all.