Crimes in Cyberspace: Are You Safe?
“Crimes in Cyberspace: Are You Safe?”
Don’t let hackers touch your corporate information.
Consider the following scenarios:
- An employee launches his own business and steals your product information and clients, servicing them through your network system. By the time you realize what’s happening, half your clients are gone — as well as your corporate secrets.
- Someone hacks into your personnel and salary files and then releases the confidential material to all employees via e-mail.
- You’re attending a convention. At the end of the day, you return to your hotel room, check e-mail on your laptop and go to dinner. By the time you return, the hotel maid has accessed your laptop and downloaded your corporate files to a remote site via technology hidden on her cleaning cart.
Far-fetched? Hardly. Not only are these real cases, the Federal Bureau of Investigation expects electronic crime to increase as our reliance on computers and the Web grows.
Hackers can tap into corporate checking accounts, client lists, R&D formulas, personnel files and network systems from their home computers or the office network. They can also tie up your Web site with denial-of-access attacks and viruses that shut down your service, costing you sales and precious time.
Yet few businesses cite computer vulnerability as a concern, say security experts. Most entrepreneurs still have the it-won’t-happen-to-me attitude. But if it happens even once, the financial and data losses can be staggering. Eighty-seven percent of businesses that lose their data also lose their business, says Christopher Harvey, chief technology officer at NovaStor Corp., a software-development company.
Bottom line: Develop policies and systems to protect your business from electronic crime. Otherwise, you’ll have little recourse when a crime occurs.
4 risk categories
- Intellectual property theft. Intellectual property — R&D materials, client lists, copyright and policy materials — is the greatest vulnerability for most companies. Eighty percent of intellectual property theft is committed via computer by existing or former employees, who use the information to enhance their own marketability or benefit competitors.
Preventative action: Strong hiring and management practices can minimize risk. Be thorough in your interviews, background research and hiring processes. Also create electronic-crime policies for employee handbooks, just as you would for workplace violence or sexual harassment. Educate employees about the appropriate use of corporate computers. Define the term "confidential" as it applies to your business. Policies and education will help deter electronic crime and also provide you with legal protection if something should happen.
Finally, install and maintain computer security and forensics systems to identify how the computers are being used. Tell employees about the systems-check technology that protects the corporation from both internal and external attacks to discourage meddling.
- Fraud. Online purchases and corporate banking can make you susceptible to computer fraud; criminals can steal credit-card numbers to set up other accounts, run up charges and transfer money. Yet another concern: identity theft, where people steal your online information for malicious intent. Individuals also commit fraud by creating resumes tailored specifically to the job you are hiring for. Once employed by your corporation, they start stealing corporate data.
Preventative action: Work smarter online. Establish firewalls and authentication programs within your network or Web site that serve as barriers to unauthorized entry. Track your online transactions and purchases; request information from your banks and other service providers to learn about the online security systems that they have in place for your protection. You’re only as safe as the security measures taken by parties you work with.
- Denial of service, hackers and viruses. You may have lost valuable data to a virus that infiltrated your system. Online vandals are often out for bragging rights. They break into your computer and interrupt service by creating programs that attack your hard drive or tie up your Web site so that clients cannot gain access. It’s an expensive nuisance that costs corporations millions of dollars a year in repair fees and labor. And if vandals gain access to your system, they can also leech corporate information for criminal use; by attaching demons to your system, they can monitor your every electronic move, capturing data and account numbers you transmit.
Preventative action: Employ software and security systems so computers and networks are harder to invade. In the event you are using DSL and cable-connection capabilities, your lines are always open, making them even more vulnerable. Set up system firewalls, password-protected pages, filter packets and secure communication lines that require authentication certification so parties must be recognized before entering. Computer security consultants can also give you an idea of what’s needed. Remember, virus protection and security systems are only effective when maintained and updated regularly. After taking precautions, put a plan in place to deal with a network shutdown or attack.
- Pornography. The Internet is now the largest facilitator of pornography. Employees have been caught downloading inappropriate pictures, printing material and even dealing in pedophilia — all from company computers. Aside from lost work time, employees who access child pornography at work become a legal liability to their employer.
Preventative action: Implement technology to block access to certain sites. Also, in your corporate policy manual, spell out acceptable and unacceptable uses of the corporate computer and Internet. Run frequent systems checks to identify what sites are being visited.
Not every misuse of corporate computers is a crime, but all can be costly. Whether cyber crime becomes a matter for the criminal or civil courts, clear employee policies and security standards offer protection and legal recourse for your business.
Writer: Polly Campbell