Protecting - What can I do? - How do I keep track of everything?

System monitoring is the best way of keeping track of what is going on in your system. System monitoring will tell you who is accessing the data and when, what applications are being used, and the type of traffic on your server.

Most businesses have their websites hosted by external providers known as Internet Service providers (ISPs) and as part of their service they can offer activity logs that will monitor the traffic on your site.

Internal monitoring of your network, including outgoing traffic to external websites, is the task of your system administrator or IT department. Through this process you will be able to monitor any unusual or unauthorised activity.

It is also vital to have procedures in place to alert the system administrator or designated person if the web server, application server, data and information server or database are down or off-line at any time. You should seek from your ISP or website host, an assurance as part of your service agreement that specifies how they will tackle issues such as downtime, server failure, denial of service attacks, and in particular, any disaster recovery procedures in the event of fire or destruction of their premises. If they cannot provide these assurances or procedures to cover these contingencies then you should consider moving your site to a website hosting provider that can.  

When upgrades are implemented, ensure that no security controls are turned off. Administration of websites and related servers should be properly controlled and monitored as changes and enhancements are made. This applies as much to your internal processes as it does to the responsibility of your website host or ISP. Keep records of any changes made to the system. This is not only good security practice but good operational practice as well.

What to do

The following things can help you keep track of who is using your systems:

  • Conduct periodic scans of databases for obsolete, redundant or incorrect data.
  • Conduct periodic security reviews of the website and related server (usually in conjunction with your website host and/or ISP).
  • Ensure that systems can generate simple network management protocol alerts to warn you when things out of the ordinary occur.
  • Log important systems that cover security alerts and system use to detect inappropriate use or excessive usage.  (For example, system logs can tell you if employees who work after hours are accessing inappropriate websites or using company equipment and software for non-business purposes.)
  • Keep logs to assist you in identifying a standard usage baseline to determine work habits, such as how long and often a user or customer accesses your system. The standard will assist you to identify extra long or short sessions that appear out of the ordinary and could indicate unauthorised or inappropriate use.
  • Conduct regular security system reviews, preferably using an independent outsource company which specialises in this work. This is not overly expensive and through "ethical hacking" these companies can identify potential weaknesses in your system that could allow unauthorised and possibly dangerous access to your information or information system.