
“Happiness has many roots, but none more important than security.”--William Shakespeare
What do worms, viruses, Trojan Horses and phishing have in common? The worms aren't bird food and the viruses don't spawn the flu. The Trojan Horses don't belong to the Battle of Troy, and phishing isn't a misspelled substitute for deep sea trolling.
If you're a computer user with a little bit of savvy about the threats to the uninterrupted enjoyment of your high tech gadgets, you'll have some idea of the dangers of these borrowed English terms when they invade your PC.
Which brings us to another question: what have you been doing lately to ensure that you have some security against attacks by these scoundrels? The villains who would invade your privacy are called “crackers” (hackers who learn to attack your technology for malicious reasons).
Because such foul creatures exist and threaten the world of information technology, you need to ask yourself whether you have reliable protection like Norton Anti-Virus. How about a firewall against invaders, like Zone Alarm?
Not only do we need these safeguards for our PCs, according to Jorge Sebastião, Managing Director of E-Security Gulf Group, we also need to make sure that our protection is kept up-to-date and set up to provide as much security as needed.
Jorge points out that many personal computer users neglect the measures needed to make their computers secure. Even companies and governmental organizations with many workstations frequently neglect the threats lurking in the shadows of their information technology (IT) systems.
“Security is as important when it comes to your computers as the locks on your doors or the checks at airports,” says Jorge. “All security is meant to make you less vulnerable to attack.”
Jorge's clientele are mostly in banking (60 - 70%). Banks have been obvious targets for security breaches, he observes, and therefore they've been the most active in working to deal with the problems. Many banks still face security risks in a number of different areas. Jorge gave me an article indicating that the Bank of America had lost tapes holding information on bankcard customers.
In part, the article said that the Bank of America "admitted it lost computer tapes containing private information on federal employees who used government-issued credit cards to cover expenses. The missing data includes Social Security numbers, home addresses and other sensitive information...."
Unfortunately, many other organizations and individual users have been more careless than banks about security. They often don't realize the dangers. People have been known to get annoyed when their firewall asks whether they want to allow a program to access the Internet.
Some people worry about the money they need to spend in order to have good virus protection. These programs need to be updated daily in order to keep up with new viruses. Last week’s update won’t catch this week’s dangers.
If users don't realize that this kind of maintenance is as necessary as keeping their cars in fuel and serviced, they're simply asking for trouble--losses of private information, company data, personal files, sensitive information, passwords and more.
Jorge points out that companies need a number of things:
1. A security policy: employees need to know what's acceptable use related to both email and the Internet.
2. Awareness education: people need training in the vulnerabilities of their systems and keeping them secure. Security systems need regular auditing as well.
3. Good security architecture: making security projects work together.
Earlier, I mentioned the word "phishing," which is a scam that has recently become very widespread and dangerous to unwitting users. Here’s what happens:
"The scammers typically send out an e-mail that appears to come from a trusted company such as a bank or an e-commerce Web site. The phishing messages attempt to lure people to a bogus Web site, where they're asked to divulge sensitive personal information. The attackers can then use those details to steal money from the victims' accounts.
"According to a report from online privacy watchdog Truste, 7 out of 10 people who go online have received phishing e-mails, and 15 percent of those have successfully been duped into providing personal information."
Jorge says, "Security is not a tool or an annual event but rather a 'continuous skilled process.'" He adds, "Today vulnerabilities are announced at a pace of 50-60 per week, so constant surveillance is required. ADSL, always-on connections provide an easy entrance for attack."
According to Jorge, today's vulnerabilities are everywhere:
- Email (Outlook, Outlook Express)
- Applications like Microsoft Office
- Operating Systems
- Browsers (Internet Explorer)
- Databases
- Others (Jpeg files, Flash animation, PDF Acrobat Reader files)
Following are 10 tips for action:
1. Know your equipment: hardware, software, applications, and information.
2. Integrate the right level of security into your organization; different levels require different protections: Personal / Home, Small Business, Corporate, Military.
3. Create and implement a security policy. It's not about size or volume but rather about consistency.
4. Get a good firewall if you have a permanent Internet connection, such as broadband or a dedicated circuit. Place a firewall between your systems and the routers.
5. Back up regularly and be ready to respond to disaster. Test the backups.
6. Be physically sound and safe: locks, alarms, steel shutters, reception area and access control.
7. Everyone should have a unique ID and use a complex password. A unique ID allows for traceability of events.
8. Keep track of software licenses. Be ready for audits by Federation Against Software Theft and Piracy.
9. Education, Awareness and Contribution: every user's participation counts.
10. Have an incident response process or approach. When trouble comes you will know what to do step by step.

According to Deb Kollars of the Sacramento Bee, “Viruses and hackers--once the curse of personal computers--are turning up as a new threat to cellular telephones. Someone hacked into the cell phone of Hollywood celebrity Paris Hilton and spread her personal phone list and photos on the Internet.”
Kollars noted, “During the same week, word of the first cell phone virus came from Southern California.” Though cell-phone viruses haven’t yet become as rampant as PC attacks, several security officials believe that it will soon be necessary for cell phone users to have anti-virus programs.
Many centuries ago, the Chinese philosopher Confucius wisely observed, “The superior man, when resting in safety, does not forget that danger may come.”