This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mimeat_private for more info. --------------58EB3BCD4532 Content-Type: TEXT/PLAIN; CHARSET=us-ascii Content-ID: <Pine.SUN.3.96.981126045556.19243Nat_private> http://www.amcity.com/milwaukee/stories/1998/11/23/smallb2.html November 23, 1998 Information security is challenge in technology age Carlise Newman When the technology age began several years ago, computer hackers were commonly thought of as techie eggheads whose primary source of entertainment -- aside from breaking into Fortune 500 company databases -- was playing Dungeons and Dragons, the cultish science fiction game popular in the 1980s. While those kinds of hackers still exist, the culprits of stolen company information are often internal, and like large corporations, small businesses need to protect valuable information as well. "Small, growing businesses tend to be cash-strapped. They don't think they have the money to invest in a security infrastructure," said Kelly Hansen, president of Sun Tzu Security Inc., a network information security solutions provider in Milwaukee. "They're playing the odds. Business espionage is really, really popular right now." Security should be a priority, but a business need not spend thousands of dollars on products to keep information safe. It could be a simple matter of internal file management, Hansen said. File servers can be set up so that only people who need access to that information may see it. Or, if it's affordable, a business may want to invest in a firewall, a wall of software that keeps unauthorized users or intruders outside a company's network. When Hansen started her business in 1996, few businesses were thinking about network security solutions. Now, most larger companies have systems in place, and smaller companies are thinking about it as well, she said. Businesses with multiple branches and sensitive information, such as law firms or insurance companies, are likely victims of hacking. Habush, Habush, Davis & Rottier, a Milwaukee law firm with 44 employees, has begun to implement security in its 10 offices. Initially, the firm installed layers of passwords internally, so only appropriate employees have access to confidential information. "Right now, we're just working on protecting ourselves internally, but that will change," said Kevin Hood, information systems manager for the firm. He also is working on centralizing information to one branch, so that accounting, administration and other department's databases are located in the main branch, rather than scattered locations. Centralization will lessen the chance of outsiders gaining access to the information, since it will not be sent between different offices via the Internet or e-mail. "The Internet scares me more than anything else," Hood said. Businesses can never be entirely sure that their day-to-day business is secure unless it is encrypted. Encryption keeps e-mail messages confidential by scrambling messages electronically so that only the intended recipient can unlock the information. Also, strong computer password usage is encouraged at all levels of business. A good password is one that uses both alpha and numeric characters and both upper and lower case letters. Hackers use lists of words and randomly picked alpha-numeric characters to break into systems. One of the most common passwords used is "password," Hansen said. Hansen warns businesses not to rely on their Internet service provider (ISP) to secure information. "ISPs are all about access, not security," Hansen said. "Small, local ISPs especially do not offer any type of security when giving a business access to the Internet." For a business using electronic commerce, Internet security is extremely important. Typically with e-commerce, a person may submit an order using a credit card number through an electronic order firm on the company's Web site. To hack through the site, all it would take is for someone to submit a false order, Hansen said. Most businesses don't know that if credit card numbers are stolen through e-commerce, the credit card company will go after the vendor to pay for damages, he said. "If you have a really good firewall, that can't happen," Hansen said. Another mistake businesses make is purchasing the firewall and then setting it up themselves, Hansen said. In many cases, businesses have installed the firewalls incorrectly and become victims of hacking, he said. But aside from all of the technical remedies for information security, it is good practice to have strict physical security as well, said Marcus Barton, information services manager for Interactive Business Systems, a Brookfield computer consulting firm. "There is so much hacking that occurs from within. One simple thing to do is lock up your computer so only you have access to it," Barton said. TCA Insurance Inc., a life insurance agency in Menomonee Falls, has thus far relied on physical security to keep its records safe, but may implement more security policies soon, said the firm's president, Jeff LaSota. Most of TCA's information is not private, but sensitive data such as health statistics for life insurance policies is not revealed to anyone in the company except those who interact with the insurance company. Accounting and payroll is performed off-premise, so employees cannot have access to that information as well. TCA's client files are kept on paper, rather than computer databases. "Locked file cabinets are still a good way of protecting information," said LaSota. --------------58EB3BCD4532-- -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:12:35 PDT