Isn't it time businesses got their act together?

  TOPCAT® 17:49 09 Oct 2004

I'm speaking about the vulnerability of their desktop PCs and networks as the top twenty computer threats are unveiled at the link below.

Most of us in this forum take sensible precautions in protecting our PCs from hacker assault, but it seems to me many businesses either lack the foresight or will to do anything about it. Which probably costs them dearly in the long run. TC.

click here

  LastChip 18:29 09 Oct 2004

Some businesses lack any form of security (in it's widest sense) due to ignorance.

Some are of the opinion, they will patch when someone gets the time to sort it out; of course, that time never arrives.

Some however, are keen to operate in as secure environment as possible, BUT, have bespoke software that is often mission critical and therefore, patches have to be thoroughly tested prior to roll-out. Sometimes, the patches "break" other software, so although in principal they would like to secure the system, the problems outweigh the advantages, and systems remain vulnerable.

It is noticeable that IBM, surly one of the largest IT companies in existence, refrained from introducing SP2 to XP, precisely because they wanted to thoroughly test it first with their other software.

So, Yes. Some companies need a good kick, but for others, it is a far more complex affair.

  Forum Editor 18:51 09 Oct 2004

in a recent edition of ther magazine. It is indeed a worrying fact that many businesses are wide open when it comes to security. They fail to develop an effective security policy, and even when they do it's often poorly implemented or ignored altogether. I'm not just talking about small businesses either - many large companies are quite lax when it comes to supervising their staff's use of the internet.

The reason? Apathy quite often - managers are often not very computer-literate, and they underestimate the scale of the problem. Data vulnerabilities are perceived as something which happens to other companies, and threats always come from outside. In fact, many security breaches are inside jobs, and on quite a few occasions I have been involved in detecting serious security breaches by in-house personnel.

  It's Me 19:51 09 Oct 2004

It's got something to do with 'it won't happen to me/us, or 'it doesn't apply to me' syndrome, as well.

Getting cancer or breathing problems from smoking is the first, and I speak from my own experience (COPD) is no different to I won't get a virus because I only use the Internet for a couple of Emails a week, I know 3 businesses like that and they think I'm mad.

Firewalls are only for international business I have been told, therefore don't apply to me, and the some people tell me that traffic signs don't apply to them also, like 30 MPH and STOP signs. It's insane, but you can't convince them otherwise, cause they KNOW.

Two people I know replaced their PCs with new ones rather than get their destroyed with viruses PCs sorted, and still they won't protect themselves with Firewalls.

  TOPCAT® 20:04 09 Oct 2004

experience of IT procedure in the office, something I had little knowledge of during my working life. Too busy working 'out in the field' then, but I continue to learn more every day about modern business and its complexities. I glean most from this forum, I hasten to add! LastChip and the FE have just added to this learning.

From what I can gather, when socialising with those from an office background, many company managing directors, or CEOs as they're known these days, worked their way up to such status from accounting and not the shop floor, as of old.

It naturally follows that these people more than others would tend to keep an unwavering eye on the profit and loss account. So, if a company's network security is breached and office/warehouse output virtually ceases for some time, the old balance sheet can soon begin to look a bit grim. I would have expected these sort of bosses to have suitable safeguards already in place, so they can close that unwavering eye when they slept!! TC.

  Friday's Child 22:46 09 Oct 2004

You're quite right.

As an accountant, I've always said that not everything can be measured purely by the bottom line and we should be the last people to be allowed control of an organisation because it is not what we were trained for and therefore need to be trained as managers (as opposed to managers of accounts departments) before being let loose.
Like everyone else we have transferable skills but as soon as we have trained as managers and been put into those top admin jobs we are no longer accountants because we are then involved in pure admin and take our eye off of the accounts side.

This fascination with putting accountants into top positions seems to have started in the 70's or 80's in the mistaken belief (fostered by ourselves) that this would improve 'efficiency' and needs to be reversed or the accountants who are in those positions should openly admit that they are not really using the accountancy training that they received in the way that it was intended.

From experience I would say 'horses for courses' and let the people who are properly trained (either by formal training or experience) run IT with support from the others or we 'amateurs' in the accountancy profession will make things worse.

  It's Me 12:17 10 Oct 2004

The same, and I quite agree, we shouldn't be let loose on running businesses without a bit more experience/training. Trouble is, in my experience, most other disciplines have no idea of accounts or accounting controls, and worse, they don't want to know and seek to denigrate anyone with such knowledge, and so we finish up with it all to sort out. I don't think that we do too badly.

  It's Me 12:40 10 Oct 2004

That was meant for Friday's Child. I failed my finger training course!

  Forum Editor 13:00 10 Oct 2004

- and I've worked with and for lots of them over the years - is that they are continually whinging about budgets. IT directors have to fight toot and nail to convince the board that they need the money to pay for new hardware/software/staff etc., and I'm often called upon to provide a convincing strategy report - one that will persuade the finance director that we aren't going to spend all the money on trips to Las Vegas. I did once go to Las Vegas with an IT director, but that's another story.

Money's important - it's the reason the company functions in the first place, but I do sometimes feel that funds are denied to the IT side of the business because most of the main board directors can't tell a virus from a Trojan. I often have to make presentations to board meetings - trying to explain the need for large amounts of money to be spent over several years. Sometimes I get a vibe coming back - there's a degree of "I can't understand what this man's talking about, and what I can't understand I don't trust, so I'll play for time". Sometimes I'm contacted privately by one or other of the board directors. They'll invite me back for a one-to-one meeting to "get me up to speed on all this IT stuff".

I'm sure that scenario is repeated all over the country (and beyond) many times. Eventually it will change. Big companies will be run by people who have groen up with computers, viruses, DOS attacks et al, and they'll face the security challenge from a position of knowledge and confidence.

  Friday's Child 14:01 10 Oct 2004

You're right in what you say about others not knowing or wanting to know about the finance function but then again they do not want to know about what kind of engines are in the delivery vehicles. I suspect that like me they would not know the advantages of the new from the old and do not care unless it saves time and money. Yes we do fairly well but not as well as the people who understand the 'nuts and bolts' of the business which is a shame that I think we both agree about. Management should be a partnership of skills and as you say it is quite often left to our discipline to sort things out - probably because we are used to being thought of as the bad guys and therefore are prepared to accept being vilified when something unpopular has to be done :-)


You're right about the money and when everyone is having to fight for their budget it is unfortunately the case that what can't (in the sense of new logos, publicity about better delivery etc) be seen tends to be last on the list of priorities. Now if you were to tell the Finance Director that the system was going to make life easier for him ......... ;-)

  Sapins 14:51 10 Oct 2004

Ah!, so you spend some of the money in Las Vegas?

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Xiaomi Mi Mix 2 review

Halloween Photoshop & Illustrator tutorials: 20 step-by-step guides to creating spook-tacular…

iPhone X news: Release date, price, new features & specs

Comment créer, modifier et réinitialiser un compte Apple ?