[Image: Computer security is everyone's business.]
Introduction
Information: we all have it. We bust our behinds to get it. We can’t live or conduct business without it. Someone else wants to steal it.
Identity theft is a term most people are familiar with. The odds are very good we all know someone—maybe even ourselves—who has been victimized on a personal level.
What many people don’t realize, or whose scope they can’t comprehend, is that information is regularly stolen at the corporate level. A lot of people fail to understand why they need to worry about who has their work passwords, or what happens when—not if—important business information is swiped.
Sure, we have all seen the Hollywood thrillers that have someone swiping a bank’s armored car route so crooks can rob it. We have all watched movies, or read books, where computer hacking is a key element. We need look no further than the late Stieg Larsson’s highly successful trilogy of The Girl With the Dragon Tattoo books. The heroine, Lisbeth Salander, is an anti-social hacker.
But what we don’t comprehend is this: information security is everyone’s business. You should know what happens, how it happens and what you can do to fight it.
You Should Care About Data Security
The data theft example above is what most people think of in terms of data security. You’ve got a credit card and bank accounts. When someone else uses your card or empties your accounts, you get upset. But a lot of people fail to understand why they should care if someone breaks into the office computer network.
[Image: You need to care about keeping your firm's data private.]
You have a job. Your job involves products and/or services. This means a list of clients and how to reach them. It also means lists of what products or services they bought, when they bought them, how much they purchased, where the merchandise was shipped, etc.
Your computer network also keeps track of product inventories. It tracks how many completed units you have on hand, how many parts to make completed units are on hand and how many parts are needed to make more. It likely tracks where each item is in the delivery pipeline both to you from your suppliers and from your firm to your clients.
Now take an unscrupulous competitor. If your top opponent knew exactly how much you paid for your products and could undercut your prices, he could offer his similar items to your clients for less. Given today’s competitive environment, many of your clients would switch.
Here’s another example: if someone could masquerade as your firm, they might convince your clients to place orders with them. The problem is the thieves are getting the orders and taking the money, but not delivering the products. This happens once or twice before your firm gets some angry phone calls and the deception is uncovered. No matter how the matter is resolved, your firm is now suspect in the eyes of that client.
The scenarios above occur on a regular basis. When they happen too often, firms go out of business and people like you lose their jobs. Those two examples alone—along with many others—are reasons why you should care about corporate security.
Corporate Security Levels
One of the first steps when joining a new company is getting a user name and password. Typically the firm assigns you a password, which you change immediately to something you can remember.
What happens when we forget our password? We go to the information tech guys or our supervisor and ask them to retrieve it. They can do this because they have a higher clearance level so they can access more information.
This same situation works its way up the corporate ladder. The higher a person’s position, the more information they have access to.
And not only can these executives read what everyone else writes, they can change it, copy it, move it around and delete it.
So how can your boss or the IT guy reset your password and override the computer security system? One way is by them keeping a log of user names and passwords. You forget yours and they can tell you what it is. The second way is by having network administrator privileges that let them take steps you cannot.
That covers what most people know of keeping business data secure, especially from the inside.
External security—keeping unwanted and unauthorized people out of your network—is the job of firewalls. Firewalls are a combination of software and hardware designed to make it difficult for unauthorized people to get into your network. Firewalls work to keep most intruders out but determined thieves will find a way in.
Common Data Stealing Methods
We have all heard about hackers who use sophisticated programs to go through firewalls and corporate security measures. The brute force approach of breaking through firewalls is only one method data thieves use, though.
Other approaches are Trojan Horse computer viruses and keyloggers. Both software methods trick people into revealing their passwords so outside hackers can gain entrance to your network. Both approaches rely on registered users letting them, typically by making users such as you think they are someone else.
For example, someone at work uses an office computer to download pornography. Opening an image or visiting a website—remember, that person voluntarily went there—downloads the Trojan Horse virus onto their computer. Trojan Horses are programs that are something other than what they appear to be and like the one of legend, contain electronic “soldiers” bent on causing havoc. Keyloggers are programs that record computer keystrokes then send them to a remote computer.
Another method involves people opening email attachments from unknown sources. Opening the attachments launches the virus attack.
A third method involves gaining access to a computer inside the business—and firewalls—then using a removable flash drive to copy the data and take it away.
Less Common Stealing Methods
One of the methods Hollywood uses when showing data thefts is more common than many people expect: thieves take advantage of human frailties.
A thief gains access to a business. While walking through cubicle city, they spy an empty cubby. The user keeps a sticky note with their username and password on it underneath their monitor. Guess what the crook copies?
Many people these days also write down computer access codes and carry them in their purses, wallets or smart phones. Swipe the right wallet or phone and you’ve got a goldmine for gaining access to a forbidden network. Credit cards? Why steal hundreds of dollars when you can take millions?
What You Can Do To Fight Computer Crooks
The first step the average computer user can take to fight computer crime is simple: use a good password, then change it regularly.
Good passwords are words or phrases that mean something to you, but the average friend, relative or business associate would be unable to guess easily. Bad passwords are the name of your current significant other, your birthdate, or a pet’s name. Good passwords might involve the name of a former “friend” who dumped you in high school, the name and birthday of a favorite teacher or perhaps the name of a friend’s long-dead pet.
Thinking of a word or phrase is the first step. The second involves replacing a few letters with numbers or symbols, such as using the number 1 for the letter “i” or lowercase “L,” and the + symbol instead of a “t.”
The third step is using different passwords for different accounts. Use one for work and a different one for your personal computer, plus others for individual access situations like on-line banking.
So now you’ve got a ton of passwords. How do you keep track of them? One option is to download an encryption program for your iPhone such as For My Eyes Only. Another option is Pretty Good Privacy for desktop computers.
My Eyes Only requires you to enter a master password before gaining access to a list of usernames and passwords stored on your phone. The list is stored on your phone, but encrypted (think scrambled) to keep out anyone without the master password.
Pretty Good Privacy has been around for many years. It uses private key and public key encryption. The private key is a password only you have access to. A public key is one you can give other people to access selected encrypted documents.
The single most important step you can take is also the most obvious and the one many people overlook: secrets are no longer secrets if they are shared. Keep your passwords to yourself, period.
Those are simple steps every individual can use. Your best bet at the corporate level is to hire a professional security firm. Check around, ask your friends who they use and why before hiring someone.


