Modern businesses need to protect against cybercrime attacks
Published 12:00 am Sunday, July 1, 2001
Protecting a business from cybercrime begins with a few basic steps, a Natchez computer specialist said.
First, however, business owners and managers must recognize the importance of computer security, said Bobby Kerrigan, a Vidalia, La., native who has worked in the computer business for 18 years.
&uot;In a way, businesses in Natchez and the surrounding area still are not as committed to technology as other places,&uot; he said. &uot;For one thing, there is not the money to spend on the technology.&uot;
Even the smallest company must be aware of security risks, however. &uot;Information is the lifeblood of a business,&uot; Kerrigan said. &uot;Every company should have an internal security protection in place.&uot;
Few businesses can operate without access to the Internet now, he said. &uot;That makes it more likely that someone unscrupulous will come along and do something disruptive.&uot;
When someone logs on to the World Wide Web, the user connects literally to the whole world, Kerrigan said. &uot;You really are inside one global community on the Web,&uot; he said. &uot;If there is to be a break-in into your computer, it could come from next door, from California or from China.&uot;
The biggest threat to a business, however, is from within, Kerrigan said. Although the World Wide Web is international, most crime against businesses is perpetrated by an employee. That known, the company can take steps to protect against the so-called inside job.
Kerrigan works as technology specialist at Copiah-Lincoln Community College, where about 600 computers are used by faculty, staff and students.
He has taken his expertise in security to the job and said the Internet policies in place at the college easily apply to business and industry settings.
First, the system should be protected by a firewall, an integrated system of security measures to prevent unauthorized access to information.
The security plan should be aggressive. Software is available to monitor questionable activity, flagging sites that are inappropriate – including those that are dedicated to teaching someone how to hack into a computer system.
The security plan should put emphasis on user names and passwords that change frequently, Kerrigan said. &uot;We have users change user names and passwords about every 90 days; so if someone gets my password, it will be for a limited time.&uot;
Even so, Kerrigan said, given the time, patience and expertise, outside hackers can violate even the most highly guarded systems in the world. In fact, they have been known to do so – even federal government sites, he said.
Often those hackers are interested only in the challenge rather than the information. But as the Internet becomes more and more universally used, the security issues will grow and business owners will look for answers.
&uot;As the Internet becomes a mandatory business tool, the demand for security will increase,&uot; Kerrigan said.
A virtual banker speaks
Britton & Koontz First National Bank made a leap into Internet activities in the 1990s, not only offering Internet Provider services but also on-line banking.
Martin Lanneau, virtual banking manager, said the protection of online bankers is absolute.
&uot;The whole concept of privacy covers a lot of real estate,&uot; Lanneau said. &uot;But basically the steps to ensure safety are the same in on-line banking as in other areas of commerce. We break them down into four areas of concern: confidentiality, integrity, accountability and authenticity.&uot;
B&K uses encryption, a mathematical technique that takes information and an encryption key and converts the information to an unreadable form.
The electronic banking system uses special digital certificates to authenticate signatures, to be sure the transaction is taking place between the rightful customer and the the bank. &uot;B&K uses a certificate authority named VeriSign.&uot;
One of the most important security choices of the on-line banking customer is the password, Lanneau said. &uot;We do password screening to be sure the word chosen is not too common. It can’t be any word that is in the dictionary, for example.&uot;
The password cannot include any part of a person’s name or address, phone number, birth date, Social Security number or any other combination that would be easy for a potential thief to figure out.
Further, the password should change frequently, Lanneau said. &uot;Using the same password over and over is inviting trouble.&uot;