So who's in charge of security?

Security is the number-one issue in every corner of the IT world, and if you don't have a chief security officer at your shop and a solid plan, you could be in real trouble.

It's essential to have someone in charge of security who knows what to do when a bug gets into your system, how to deal with a random cyber attack, and most importantly, how to guard against and prevent attacks from happening in the first place.

This week, we report on several new issues relating to security. The financial industry, for one, is looking to outside contractors to help put a shield around its systems.

There also are new warnings that Conficker, the renegade worm that attacked almost a year ago, is still with us. There are conflicting theories about what this virus is--a mischief maker or foreign intelligence attacker? This is just the latest threat, but it is real and cannot be ignored.

One thing is certain: There needs to be a team effort to make sure the hatches are battened down and that everyone is on the same page, so no intruder can get in the door. Ideally, it would be great to have an in-house expert, but, as with the financial industry, outside consultants might be the best route for some companies. Whatever approach is taken, it is important to take a number of proactive steps.

For starters, any business needs to engage in a risk assessment exercise to determine vulnerabilities internally and those that might come through the Internet.

You need to protect your own proprietary information, and any customer data that you have on your networks. You also need to have secure passwords, and make sure your in-house servers are secure. It would be wise to see if the latest patches have been installed and if your anti-virus software has been updated and is sufficient. A thorough risk assessment might raise unexpected issues or put some focus on vulnerabilities that have been swept under the rug.

Another key for any business is training and educating employees about good procedures and potential risks. Don't take anything for granted or assume basic knowledge of the workforce. Set out policies to protect your systems, and make sure they are followed. That includes the use of Facebook and social media.
 
Even with bright minds, good procedures and the best software protection, security breaches or system failures can occur. That's why all the important data and information need to be stored regularly on a back-up system that probably should be off site. This takes time and extra work and has a financial cost, but it is essential.

At the same time, you need a contingency plan if the worst occurs and your computer networks are disabled. It's great to have the back-up data, but a business also will have to function, and a smart company will know in advance what to do and how to continue operating in case of an emergency.

The bottom line is that it pays to be prepared. Don't skimp on security, keep your alert levels high, and remember that if there is a door open, someone uninvited could come waltzing in. - Judi