Consider this...

Here are some articles that may better explain the cost of doing business in an electronic environment. All articles on this page will open in a new window.

Data Loss

A 2003 Study by the Graziado School of Business and Management at Pepperdine University suggests that the cost of data loss and recovery are noticeable, between organizations that employ a regimented backup plan, and those that do not. This study includes some interesting statistics behind how data loss actually occurs.

Another look at data loss from American Data Recovery, while more forgiving toward humans than the Pepperdine study, points out the amount of downtime a business suffers due to data loss, and how it can displace productivity by the thousands of dollars.

Viruses, Worms & Trojan Horses

Nowadays, when we think "computer", the word "virus" is rarely far behind, as the conclusion of this article by Thomas M. Chen would suggest. It states that "outbreaks have become so commonplace that most organizations have come to view them as a routine cost of operation."

While we view the "routine cost", we should also pay close attention to the fiscal, infrastructure, and data losses, as suggested by the ICSA Labs 10th Annual Computer Virus Prevalence Survey (registration and Adobe Reader required). Some interesting factoids from this study:

• The 300 survey respondents experienced more than 3.9 million encounters during the 12 month period from January 2004 through December 2004.
• 112 of 300 respondents reported a virus disaster representing a 12 percent increase over the 92 reports in 2003.
• While recovery time had risen only slightly in 2003, this year’s rise was an increase of seven person days or almost 25 percent.

Since few businesses will ever publicly admit the costs associated with virus damage, it's hard to determine exact figures. One thing is for certain; a virus will likely cause one of the following to occur: increase spending for eradication, require additional charges for data recovery, weaken overall network security, or result in lost productivity for affected employees.

Malicious Software (Spyware & Adware)

This White Paper written by Webroot (requires Adobe Reader) gives a good general description of the slow, yet pervasive harm done to business networks because of spyware and adware. The article states that the "misdirection of corporate information compromises security and confidentiality, and poses threats to corporate integrity, reputation, and regulatory compliance."

A Security Pipeline article written by Core Competence President Dave Piscitello explains that, while there is no single solution for combating spyware, users can be taught good browsing practices, and how to recognize threats before they become problems in the office. Mr. Piscitello explains the risks further in a more technical article on the Watchguard website, pointing out problems such as "Disclosure of sensitive or regulated information", lost productivity, or data mining for private information.

Finally, this Spyware Guide article discusses the threat of identity theft through spyware products. These malicious packages "access everything you do online including usernames, passwords, online shopping purchases and e-mail or chat correspondence." It is a long article, but it offers many great suggestions to help prevent identity theft.

Employee Misuse / Lost Productivity

With the expanding requirement for internet access by employees to conduct their business, this also points to a company's need to protect their infrastructure against internal malfeasance. A series of great suggestions appears in this white paper offered by Surf Control (requires Adobe Reader).

Liability

Nearly all of the abovementioned threats, while often self-contained, may also lead to company liability. It is a good practice to provide the means to avoid any of these situations if possible, or to provide a framework that reduces downtime, liability, and data loss.

Computers have been designed to store data, and your business is no different. While it would be disastrous to your company to lose information, your company may have relationships with other companies that demand full access to the data. Losing this information, in whatever fashion, could create a liability to the companies that utilize the data.

If viruses come in, they will certainly go back out. Since viruses often retrieve email addresses from their hosts in an effort to spread, your list of vendors and customers in the address book are all potential targets. This may present you the requirement of containing their damage, or restoring their loss.

While your company may not be responsible for creating and distributing spyware, it may be responsible for divulging private information caused by unchecked spyware infiltration on your company systems. A computer that routinely accesses patient records or private credit accounts, for example, may have a malicious program that mines for, and retrieves this information.

Employee behavior that is left unmonitored or unchecked may also prove costly. This doesn't apply to personal email or instant messaging, but also to distribution of data, and proper safeguards for managing that data in the workplace. Establishing a solid backup routine can help, in case of intentional destruction. Creating an Acceptable Use Policy for your employees should be part of their training, so the company can clearly outline the rules of the road.