Protecting Your System From Hackers
Don't think your system is invincible - you need to plug up your security holes ASAP.
Your computer network may have been spared by the recent Code Red virus, but don't think because you're small, you aren't vulnerable to a crippling security breach or nasty virus. "This problem isn't going away," said Andy Faris, president, Americas, of Message Labs Inc. in Minneapolis. "The hackers are getting more malicious and more clever. Traditional security measures aren't working anymore, so you have to step up your vigilance and improve security."
The current scourge, Sir Cam, has been assaulting e-mail systems for the past two weeks. United Kingdom-based Message Labs, which provides e-mail filtering services worldwide, has intercepted 10,000 Sir Cam messages per day being sent to its 500,000 subscribers, according to Faris. In most cases, several messages a day from different people appear to be messages sent by a friend needing "help." The Sir Cam virus can delete files and forward confidential company information to unwitting recipients, Faris said.
If you think these viruses are just nuisances, check out the damage estimates. Last year's Valentine's Love Letter virus caused an estimated $2.6 billion in losses in 72 hours, according to industry analysts. In 1999, the Love Bug virus infected networks, causing an estimated $10 billion in damage, while the Melissa virus cost another $393 million in 2001. The widespread Anna Kournikova virus also caused big, expensive headaches around the world.
"I would suggest that all companies, big and small, do a thorough review of their security," said Faris, whose company offers its e-mail filtering services for about $2.50 per user, per month with a one-year contract. If a mysterious hacker isn't trying to shut down your Web site, a disgruntled former employee could be. Doing things as simple as changing system passwords frequently can prevent a major security breach.
"If a business owner doesn't take proactive steps to make sure their information is secured, it's the equivalent of putting their secrets out on the front doorstep when they go home at night," said Robert Lonadier, director of security strategies for the Hurwitz Group in Framingham, Massachusetts. "The typical hacker is a bored teenager with a modem and access to news groups. Data in transit (e-mail) and data at rest (company files, financial information and customer files) need to be protected in some manner; otherwise, the safe bet is that it will find its way into the wrong hands."
Lonadier said lax password security comes about as a result of sharing passwords or scribbling them on sticky notes and sticking them to computers or inside desk drawers. "It's amazing how common sense gets ignored when it comes to security issues," said Lonadier. He recommends that every business owner spend 15 minutes making a detailed list of critical information assets. Figure out who really needs access to specific information, then limit access to everyone else. Keep close tabs on who has access to financial and other confidential information. Think twice about e-mailing confidential documents and contracts. Faxing or mailing them to clients or customers is safer. "People get lulled into the convenience of the electronic medium without thinking through the implication of having (sensitive) documents travel through cyberspace," said Lonadier.
To immediately increase password security, Lonadier recommends including one upper-case letter in your password. This is a very simple and effective tool against hackers. "If you have the computer equivalent of locks on your doors and a 'Club' on your car, the casual hacker may be turned away," he said.
Another problem is the push to open your computer systems and Web site to your customers. If a legitimate customer is given a password to go online to check order status 24 hours a day, a hacker has an open door to dig deeper into your computer system. "With large numbers of computer systems being interconnected front end to back end, there is an opportunity for errors and vulnerability," said Lonadier.
Security experts warn against posting too much personal information about your executives on your Web site. If you tell the world your CIO has three kids, loves to jog and lives in San Jose, he or she is vulnerable to being contacted or threatened by a computer criminal.
Experts say your confidential information is most vulnerable when you send it over the Internet in the form of e-mail. Currently, 10 million e-mail messages are sent around the world every day, and the number is expected to grow to 35 million messages a day in the next five years, according to Accenture, a high-tech consulting firm. "When you want to use the Internet for business purposes, it has flaws - it's not a very secure channel," said Jim Liski, COO of Atabok Inc. in Newton, Massachusetts. Atabok offers a variety of subscription-based e-mail protection services (the cost is about $40 a month), including encryption and a product that allows you to control use of the messages you send. "With our product, you can control whether you can print, forward or save a message," said Liski. "You can also revoke a message that has been sent."
Jane Applegate is a syndicated columnist and the author of 201 Great Ideas for Your Small Business. For a free copy of her "Business Owner's Check Up," send your name and address to Check Up, P.O. Box 768, Pelham NY 10803 or e-mail it to firstname.lastname@example.org. Sarah Prior contributed to this article.