Who Shall We Rob Today?
Remember those old black and white movies, the stocking masks, the pick axe handles, the sawn off shotguns and the white 2.8 Jaguar as the getaway car? Lots of action and great car chases!
A far cry from today’s highly organised and sophisticated bandits, with high performance computers, network sniffers, switched on hackers, infiltrating software and highly motivated planted operatives.
While the former makes for exciting cinema viewing the latter makes for big time computer fraud.
There is no doubt that computer crime is not only on the increase but the perpetrators are also becoming more and more imaginative, with an increased emphasis on direct infiltration (according to a study commissioned by the National Hi-Tech Crime Unit (NHTCU) 68% of information stolen was done by insiders). What can the potential victims do to stop this ever increasing treat?
The simple answer is – look out for everything; and then look again. There is no simple solution. The most effective answer, already adopted by many of our major and more progressive companies, is to establish a dedicated security department reporting directly to the main board and having the authority to impose those standards and procedures necessary to close the gaps in the system.
With a well structured security department in place the most effective plan must be to formulate a hit list which will address each of the security components that most affect the particular nature of the business. Every business will have its own view of what elements constitute the greatest risk to its data security and consequently it’s vulnerability to fraudulent attack but there are some common basics that should be addressed by all. These basics would include the effective use of Anti-Virus software, preferably a version that automatically updates itself to the latest level, a very solid hardware Firewall also maintained to the latest specification and of great importance a very effective email control system (DMZ) kept under very tight control.
So much for the basics, what else can be done to make a significant impact on overall data security? For companies where there is a tangible value to their data (banks, commercial lawyers, government, military etc,) one of the first priorities must be the implementation of a solid Network Data Encryption system, ideally a hardware based system, which is both immune to unwelcome infiltration and provides far greater performance than is available by using software encryption.
Employees at all levels are potentially subversive. To build strategies that clarify and enforce what is expected of staff is key to protecting the company’s data and so also the company itself. There is little point in employing expensive hardware and software to protect the company’s data if staff has no knowledge of what is expected of them, or what procedures should be followed. For instance employees may choose to download their personal email from Hotmail or Yahoo, thereby circumventing the expensive email control system. Unless they are explicitly made aware of the hazards to the company of this type of activity, they will carry on regardless. Spending a fortune on preventing viruses entering your network and then letting your employees bring in their sons or daughters homework on disk to be printed out on the office colour printer brings similar exposure and possibly opens the door to the more obvious sins of surfing porn or sports sites!
The establishment of a sound and solid security policy throughout the company will without doubt reap benefits in many areas. To supplement this policy implementation a dependable “Security Management’ application package will not only make the management of security policies easier to monitor but will in addition create an environment within the organisation where employees will positively influenced by the knowledge that the system is being regulated. If the company then makes use of a well thought out policy management program they are in the best possible position to prevent the worst from happening.
Unfortunately there are no guarantees. To stay on top the security department will always be in conflict with “bad guys’, there will always be a new challenges, new viruses, new worms, new trojans and new ways to place illegal personnel with new nasty gadgets to steal your company’s assets.
Remember – “There is no such thing as total security only levels of insecurity’.