Forwarded From: Nicholas Charles Brawn <ncb05at_private> 25Nov98 EASTERN EUROPE: COMPANY - IS YOUR IT SYSTEM SECURE? COUNTRY BRIEFING FROM THE ECONOMIST INTELLIGENCE UNIT For nights of sleep lost, few problems rival the loss of vital corporate information. And in few places around the world is the potential for data going missing higher than in Eastern Europe. Though the largest foreign companies long ago put secure and reliable communications systems in place, many have not. It's a large risk to be taking. Reliability is the key to smooth corporate communications, and that means back-up systems. "Any network manager worth his salt wants bullet-proof back-ups," says Tom Newbold, managing director of Metrotel, the Prague-based regional distributor for Orion Systems, a US-based satellite service. "You can't rely on one pipe." It also means coping with the fragmented nature of the regional market. Says Mark Dennehy, country CFO for ABB (Sweden/Switzerland) in the Czech Republic: "Whereas in Western Europe we negotiate a pan-[regional] deal with AT&T (US), [in Central and Eastern Europe] we work with the local operators." Unsurprisingly, many companies prefer one-stop shop IT solutions. Take Infonet Services Corporation (US), which creates partnership agreements with telecoms firms (not necessarily the monopoly PTTs), thereby enabling the company to offer a seamless service across all markets. Billing is easier, too: Infonet customer Volkswagen (Germany) can be charged in D-marks for its regional telecoms needs, for instance, replacing dozens of invoices denominated in koruna, zlotys or roubles. Satellite-based systems are another option: Orion's customers in the region include Colgate-Palmolive, Westinghouse, PepsiCo (all US) and Creditanstalt (Austria). Reconfiguration of a firm's network can take hours, not the days or weeks common with local fixed-line operators. And with construction commonplace in most East European capitals, land lines are still susceptible to an errant pickaxe or shovel. Or a well-aimed one. Mr Newbold tells of one potential customer in Moscow which is convinced that "construction" in front of the office is undertaken on the orders of a competitor, eager to interrupt business. The firm's communications network has been cut three times in the last several months. If security is a concern, companies can do a lot to help themselves. "I can't tell you how many companies send unencrypted contracts, acquisition models or pricing schedules over the Internet," says Mr Newbold. The risks are very real-Mr Newbold tells of one hacker who tapped into a circuit running from New York to Washington DC. Telling his computer to look for any e-mail with the words "acquisition" and "merger", he was able to tap a rich vein of commercial gold: the correspondence of investment banks and law firms working on deals worth tens of millions. The menace is aggravated in Eastern Europe by the variety of languages-encrypting the word "acquisition" in English-language contracts is not enough if Czech or Hungarian translations are also floating through the ether. Security problems are far less common on dedicated terrestrial networks. Virtual private networks based on leased lines and/or frame-relay technology are far safer than the Internet (where each firm shares bandwidth with thousands of others). On the software side, distributed database tools like LotusNotes offer an acceptable level of security for most firms. For peace of mind, follow a few simple rules: * Under no circumstances should off-the-shelf Internet applications be the sole means of sending information. At the very least use a distributed database tool. When using the Internet, employ encryption on all Internet-borne messages. * Back-ups are a must-not only of data, but of the infrastructure used to transport the information. If your terrestrial circuit occasionally goes haywire, investigate using satellite technology as a fall-back. * Train your staff. Loquacious employees can be far worse enemies than flawed systems. Teach them to keep potentially sensitive material out of everyday intra-firm e-mails. You never know who's listening. SOURCE: Business Eastern Europe. EIU COUNTRY BACKGROUND 25/11/1998 -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:12:32 PDT