A recent DTI survey into IT security showed that in the larger enterprise reported incidents have fallen. The same survey also showed that in the SME there has been an alarming 50% rise.

While the basic issues faced by both large and small businesses are similar, the challenges are very different. Large organisations will have well funded IT departments and full-time security staff. The smaller company may have in-house IT but is unlikely to have resources dedicated to security.

We are conducting our business in a world increasingly connected through internet, mobile and wireless technologies, laying ourselves open to a multitude of new threats and risk. Many of us rely on laptops and mobile devices using them outside our trusted networks on unprotected broadband connections, public wireless access points and hotel networks. How important is the information they contain and what safeguards are in place to protect them? Furthermore, do we have legal obligations over client or employee data?

It is evident that security has become a necessary part of today's business and that we need to incorporate it into our daily work routines. So what steps can we take to alleviate some of this risk?

To address these issues, we must first understand where we are vulnerable and the primary risks that we face as only then can we take steps to reduce risk to manageable levels. A security audit will allow us to establish a baseline, giving us a clear picture of the status of our networks, systems and procedures.

The audit is possibly the most important stage of our whole security process as it lays the foundation on which we can base our efforts. It will identify vulnerabilities and threats to our business and the associated risk, allowing us to allocate resources where required and manage subsequent work efficiently and cost effectively. Additionally audit results allow us to target exposure and weaknesses.

A security policy outlines the stance of our organisation with respect to security and communicates to employees and staff acceptable use of IT infrastructure, further reducing our exposure.

While the steps taken so far may have reduced the likelihood of an incident, the possibility of an occurrence is still very real. Virus or malware infection, robbery or hard drive failure are almost certain to affect us at some time and can have a serious impact on our ability to operate effectively. By recognising and understanding issues that we might face we can plan for outages with, for example, manual or paper-based systems that could save us downtime, expense and stress.

Regular backups are obviously important but like any other plans for continuity of business must be tested and verified. Too often we hear the story of someone's computer crashing, only to find that backups don't work and all is lost. Backups are a critical part of our recovery plans so we must make sure they can perform their function and restore our precious data and systems.

So we must establish a baseline through a good and thorough audit, asses risk and fix issues where possible, if not mitigate risk through recovery planning. Expect and plan for outages as they are inevitable. We must ask ourselves what could really affect our business, how we could reduce the likelihood of it happening, and what might we do if it still happened.

One thing is certain of security incidents, they are unpredictable. By taking a structured and proven approach to security we can level some control over the multitude of threats that surround our business.

For more information visit www.inforisk.co.uk

One of the major elements in setting up an effective IT system is the selection of a communications system that can integrate seamlessly with all elements of it. For new businesses, this can be very confusing and very costly if you make the wrong choice.

Thousands of small businesses are selecting or making the switch to internet-based phone systems (VoIP) for reasons of cost and ease of usage. Last year, for example, small and medium-sized companies spent £1.1bn on internet phone systems equipment and services, compared with £2.1bn for enterprises according to research by InfoTech.

Major service providers have traditionally courted large businesses with VoIP, as this was where the most money was to be made, and more or less ignored entrepreneurs. The new wave of telecommunication companies have recognised that VoIP is very relevant to SMEs and are now tailoring packages with this sector in mind, which is now embracing this technology with open arms.

The benefits of a VoIP communications system for SMEs are numerous and go beyond simple costs savings. It also leads to improved productivity and enhanced client customer relationship management. This ultimately results in more clients, which in turn translates into a better bottom line and a healthier, more competitive business.

There are various options that take into account the current technology and anticipate the innovations in the not-so-distant pipeline and the following are part of those currently available:

A state-of-the-art phone system
Hosted VoIP provides business customers with a leading edge phone system without the associated capital cost. From day one you will have a system that delivers all the current features plus tomorrows as they become available

Futureproof
Hosted VoIP is ‘futureproof,' as when new features are introduced, they are rolled out to existing customers, so there is no need to worry about another large capital equipment upgrade a few years down the road

Pay as you grow
With hosted VoIP there is no penalty to start small and then add ‘seats' to the system as you grow, as you only pay for the seats you need on a monthly basis

Reduce call costs
While saving on calls is no longer the primary driver for adopting VoIP, it can be a prime factor for organisations that have multiple offices requiring frequent voice communication, so not having to pay for that communication can reduce a large amount from an organisation's operational budget

Seamless teleworker connectivity
Hosted VoIP makes it easy to integrate teleworkers into the business telephone system through their own broadband connections. In addition, your customers will be able to reach your teleworkers through your VoIP switchboard, regardless of where the worker is physically located

Cut move, addition and change costs
Every time your company moves, adds or changes a conventional telephone connection, it costs money. With VoIP, your network configuration is software programmable and its voice signals are carried over your business LAN so you can administer the changes yourself

For more information on what hosted VoIP can do for your business go to www.Coms.Net and take a free trial

Spam is one of those areas of the IT headache that has become very prominent of late. Once considered to be nothing more than a nuisance in the form of mass advertising, it has progressed into a very dangerous, time-consuming and sometimes offensive issue. It has advanced to a level where we are seeing malicious code hidden inside spam emails that embed themselves into PCs. This can enable a hacker to record keystrokes of passwords (gaining access to systems), for example, or even enable the hijacking of the machine so as it can be used for sending more spam at a later date. It can come in the form of phishing spam, which has the sole intent of getting you to send or input personal data for the benefit of hackers to steal your identity and blow a devastating hole in your current or savings account.

To make matters even more difficult for anti-spammers, good email to one person can be bad to the next. For instance the marketing department of a business want to see particular e-magazines, which the technical department has no interest in seeing. This is making it more awkward for systems to classify messages correctly on a company wide basis. Spam also has no preference for what flavour of company it goes to. It can be a small business of a few consultants to the largest behemoth of a company with hundreds of thousands of employees. We are all at risk, even down to the individual home user.

So with all this scaremongering about the viciousness and indiscriminate nature of spam, how easy is it to combat? Implementing the right solution is obviously key. Whether it is software, appliance or an outsourced option will depend on a company‘s needs, budget and resources. There are pros and cons to each, but analysts have seen a trend towards appliances that are easy, intuitive, cost-effective and that actually work. Software solutions are often very administration heavy. Outsourced solutions tend to become less cost-effective over time.

It‘s important to remember that spam is an income medium that if severed, a different/more clever method will arise to combat the filters. Over the last few years good appliance solutions have been growing in popularity due to ease of use and effectiveness at keeping up with these ever-changing trends.

So spammers are always trying to invent new ways to 'get in‘ and disguise their message intent. In recent times we have seen the advent of image spam (picture text) being used to fool systems. This has actually caused many manufacturers of anti-spam solutions to almost give up due to the difficulty in dealing with it.

Clever use of PDF files and zipped attachments has suddenly started to proliferate the world of spam delivery mechanisms. These are all ways to fool solutions into letting a bad message through. If your chosen solution is not capable of keeping up-to-date with all these emerging spamming methods, then it quickly becomes pointless.

Eventually you can become a victim of what can be hours of wasted time clearing out your own and your staffs‘ inboxes. Not only that, you risk those phishing attacks and one of those potential cases of upset employees taking you to court because they are devastated at reading about sexual enhancement methods involving pharmaceuticals, which, by the way, currently account for about a third of the global spam email traffic.

So a well chosen anti-spam solution will reduce costs associated with dead time 'cleaning‘ inboxes. It is an invaluable piece of IT equipment designed to wheedle out those phishing attacks. It will block all those messages with imbedded malicious code/viruses/Trojans and worms, all put there to cause havoc or steal private information. With the email traffic now peaking at 95% spam, reclaim your network.

For more information see www.barracuda.com