Security in the Modern Age

The internet is a modern miracle. It's hard to imagine how we ever got along without it. How did we communicate? How did we learn anything? It's truly amazing what it can do and a business should take advantage of it wherever it makes sense to do so. However, like all technology, it can work against you; data breaches, malicious software, ransomware. The number of ways you can be damaged grows exponentially.

I've learned in the over fifty years I've been using computers, programming computers and automating businesses, that rushing to take advantage of the latest and greatest, wanting to be on the leading edge of technology, almost always leads to disaster. Even if you're a tech company on the leading (bleeding) edge, not paying proper attention to security can put you out of business.

The question that needs to be asked is "how do I take advantage of modern technology without exposing myself to all the potentially fatal attacks just lurking on the internet ready to pounce on innocent businesses?"

The first thing any operation needs to do is to separate their operation into two parts.

The first part is the core of the operation. It consists of whatever data plus whatever programs that manipulate that data are required to keep the doors open. For example, all your customer data, accounts payable/receivable, inventory, etc. and the programs to use the data. It's what gets the invoices out, controls your inventory and allows you to do business on a daily basis. If you're a tech company or government installation, you'd define essential operations differently, but the idea is the same. What is needed to sustain operations safely?

The other part relates to how you present to the public, usually over the internet. The basic difference is that the core data/programs cannot easily be replaced. If they are lost, so are you. If the company web page is hijacked, it is serious but not fatal. You can usually get a new web page up and running pretty quickly.

If the core is compromised, you're out of business. This part of your business is the part for which your company/operation takes full and complete responsibility. There is no connection to the internet. There is no work from home. There is no cloud. The internet is NOT the computer. If orders come from the web, they are collected into a file whose integrity can be checked before the responsible person loads it to the in house computer that is your core business.

This sounds ominous. I know how popular work from home has become. Depending on the nature of your operation, exceptions can be made. Depending on your choice of operating system, sometimes work can be accomplished over the internet safely by using programs that limit what can be done and allowing login in such a manner that nothing else but the tested designated programs can be run.

But you don't let developers into a system over the internet where they can damage "live" data, the operating system or download programs and install them at their whim. You don't allow home computers which may be contaminated with viruses connect to your operational computers. You don't expose your system to the internet in such a way that someone could possibly gain control should he obtain the secure system manager password.

The best way to set up your system is to work with mature programmers who will ask at each step, "could someone do damage, either by accident, unknowingly or vengefully". Proactive is better than reactive and it takes planning right from the beginning. Design security into the operation.