Risk
If you allow access or connectivity of any type to your system, you are at risk from unauthorised access.
There will always be cases of internal users trying to gain unauthorised access to applications and information, just as there will always be people outside who are keen to see what your systems are like, or what they contain.
Risks are increased if you have something of interest or value. For example:
- Payment systems
- Research information (especially if you are trying to develop things that will require patents or copyright to protect them after they become public)
- Desirable software that can be downloaded
- Politically and commercially sensitive information, such as salary levels, marketing plans and sales prospects
There are many reasons why people attempt to gain unauthorised access to information and systems. For example:
- Stealing company information
- Breaking in for fun
- Disruption of corporate service by a competitor
- Social hacking - another version of 'fun'
There is significant evidence that many of the most damaging intrusions come from inside. There is nothing as dangerous as a knowledgeable insider using permissions, skills and knowledge to damage your systems and processes.
- Is there a firewall for your Internet connection?
- Do you have an Intrusion Detection System?
- Are there established policies for checking that your protection systems are working properly, and that their logs are being examined appropriately?
- Are your systems (especially firewalls) updated with patches and hotfixes to ensure the latest known intrusion techniques are countered?
- Have your systems been hardened for maximum security?
- Do you employ basic housekeeping measures like regular backups, and disabling logon accounts of people as they leave your company?
- Would your staff be aware if somebody was accessing your systems illicitly?
- When did you last review physical security? Do you know who is actually on your premises at any given time? Can you find out easily?
If you have answered NO to any of the above, you should consider taking some steps towards prevention as soon as possible.
If you have suffered an intrusion, and are looking for immediate help, see our Incident Management and Unauthorised Access Recovery pages.