Safe as houses?

The internet offers many opportunities for smaller businesses. In particular, it enables them to compete with larger businesses on equal terms because – in retail, especially – size matters less in the digital environment than in the real world. It also brings many risks, however, in that going online can expose businesses to hackers, viruses and other hard-todetect threats.

Such risks have received a lot of attention recently, with individuals constantly being warned about identity fraud and misuse of credit card numbers, for example. But there are signs that warnings are often not heeded by small and medium-sized businesses. Last year, 18 per cent of UK businesses suffered security breaches and 9 per cent reported that staff were obtaining or misusing confidential information.

With any such incident capable of costing smaller companies tens of thousands of pounds, it is clear that robust solutions are required urgently. In an effort to counter such threats the Department of Trade and Industry’s Global Watch Mission to the US recently reported on developments across the Atlantic, and highlighted the fact that a key part of improving security is making software less vulnerable.

Threats generally fall into three groups. Accidental actions stem from such issues as poor password choices, accidental or erroneous business transactions, accidental disclosure and erroneous or outdated software. Malicious attacks include viruses and denial of service attacks that can bring businesses to a halt through flooding online operations with traffic. Online fraud involves identity theft or data theft.

Many smaller businesses may believe they are protected from such threats through having firewalls or other forms of “perimeter security”. But such tools only provide limited protection.

Des Powley, solutions director for security and identity management at Oracle UK, points out that a particular problem is that “internal threats outweigh external threats”. Moreover, he explains that the traditional approach of locking things down is of limited use because “in reality you can’t do business in a locked box”.

The approach being taken by Oracle software, such as the solutions that are part of the Fusion Middleware offering, is to allow employees and individuals or organisations with which the organisation is doing business to see information that is not confidential while controlling access to more sensitive material.

A particular issue that may not occur to many smaller businesses concerns databases. There are regulations concerning access to certain types of data that can be contravened if certain employees can see information they should not. By having a system involving separation of data, a business can control access to relevant data. The same technology can ensure that certain employees have the level of privileges they need to carry out their jobs without, for example, compromising the organisation’s intellectual capital, says Powley.

Just as it is important to allow employees to do their jobs properly, it is crucial that they be prevented from doing it once they leave. The sort of software he advocates makes it easy to turn off or adapt employees’ access.

Among the companies seeing the benefit of this sort of approach is Adfero, an online news agency that grew out of the old Dehavilland political news service. Adfero offers customised news services for companies’ websites so that they enhance the service offered to customers and also make the companies more prominent in internet searches.

Technical director Stewart Snow says the company has teams of journalists working in Manchester and London’s Docklands and individual journalists working in different cities around the world. Clearly, a flexible yet secure system is vital, and the company – which also operates consumer websites, such as www.inthenews.co.uk – is in the process of moving from Microsoft to Oracle so that it can be sure its software is robust enough to handle all its databases in a secure manner.

Whatever the business, though, Powley believes the key is to “address the real business issues around security, not fencing silos”.

How to keep the right people in the loop

A spin-out from The Mill, a well-known London production house, Beam TV has over the six years it has been in business developed into a leading distributor of advertising material. It uses digital technology to deliver material between formats and countries.

As a result, it has transformed the way that advertising campaigns are developed and distributed. Whereas previously teams operating in different countries had to rely on receiving tapes sent at great expense by aircraft, they can now see the material instantly via the internet. However, these great savings in cost and time come with the risk of material that is often commercially sensitive being seen by unauthorised people.

Systems manager James Stewart explains that Beam needs to “make sure that the right people can access the right media”.

In its early days, the company used an open source database, but as it started to grow it realised it needed something that was robust yet readily accessible. It opted for a back-end system supplied by Oracle.

This uses a system that breaks jobs down into sessions. Once the system authenticates the user name and password of the person seeking to see the material the session checks to see who can look at it. Stewart says that by obtaining the system through Oracle partner organisation NCS it has the advantages of a reliable system without the need to pay for a full-time database administrator, which would be too expensive for a small organisation such as Beam.