[ISN] Information security is challenge in technology age

From: mea culpa (jerichoat_private)
Date: Thu Nov 26 1998 - 11:33:23 PST


    
    
    http://www.amcity.com/milwaukee/stories/1998/11/23/smallb2.html
    
    November 23, 1998
    Information security is challenge in technology age
    Carlise Newman
    
    When the technology age began several years ago, computer hackers were
    commonly thought of as techie eggheads whose primary source of
    entertainment -- aside from breaking into Fortune 500 company databases --
    was playing Dungeons and Dragons, the cultish science fiction game popular
    in the 1980s. 
    
    While those kinds of hackers still exist, the culprits of stolen company
    information are often internal, and like large corporations, small
    businesses need to protect valuable information as well. 
    
    "Small, growing businesses tend to be cash-strapped. They don't think they
    have the money to invest in a security infrastructure,"  said Kelly
    Hansen, president of Sun Tzu Security Inc., a network information security
    solutions provider in Milwaukee. "They're playing the odds. Business
    espionage is really, really popular right now." 
    
    Security should be a priority, but a business need not spend thousands of
    dollars on products to keep information safe. It could be a simple matter
    of internal file management, Hansen said. 
    
    File servers can be set up so that only people who need access to that
    information may see it.  Or, if it's affordable, a business may want to
    invest in a firewall, a wall of software that keeps unauthorized users or
    intruders outside a company's network. 
    
    When Hansen started her business in 1996, few businesses were thinking
    about network security solutions. Now, most larger companies have systems
    in place, and smaller companies are thinking about it as well, she said. 
    
    Businesses with multiple branches and sensitive information, such as law
    firms or insurance companies, are likely victims of hacking. 
    
    Habush, Habush, Davis & Rottier, a Milwaukee law firm with 44 employees,
    has begun to implement security in its 10 offices. Initially, the firm
    installed layers of passwords internally, so only appropriate employees
    have access to confidential information. 
    
    "Right now, we're just working on protecting ourselves internally, but
    that will change,"  said Kevin Hood, information systems manager for the
    firm. 
    
    He also is working on centralizing information to one branch, so that
    accounting, administration and other departments' databases are located in
    the main branch, rather than scattered locations. Centralization will
    lessen the chance of outsiders gaining access to the information, since it
    will not be sent between different offices via the Internet or e-mail. 
    
    "The Internet scares me more than anything else," Hood said. 
    
    Businesses can never be entirely sure that their day-to-day business is
    secure unless it is encrypted. Encryption keeps e-mail messages
    confidential by scrambling messages electronically so that only the
    intended recipient can unlock the information. 
    
    Also, strong computer password usage is encouraged at all levels of
    business. A good password is one that uses both alpha and numeric
    characters and both upper and lower case letters. 
    
    Hackers use lists of words and randomly picked alpha-numeric characters to
    break into systems.  One of the most common passwords used is "password,"
    Hansen said. 
    
    Hansen warns businesses not to rely on their Internet service provider
    (ISP) to secure information. 
    
    "ISPs are all about access, not security,"  Hansen said. "Small, local
    ISPs especially do not offer any type of security when giving a business
    access to the Internet." 
    
    For a business using electronic commerce, Internet security is extremely
    important.  Typically with e-commerce, a person may submit an order using
    a credit card number through an electronic order form on the company's Web
    site.  To hack through the site, all it would take is for someone to
    submit a false order, Hansen said. 
    
    Most businesses don't know that if credit card numbers are stolen through
    e-commerce, the credit card company will go after the vendor to pay for
    damages, he said. 
    
    "If you have a really good firewall, that can't happen," Hansen said. 
    
    Another mistake businesses make is purchasing the firewall and then
    setting it up themselves, Hansen said. In many cases, businesses have
    installed the firewalls incorrectly and become victims of hacking, he
    said. 
    
    But aside from all of the technical remedies for information security, it
    is good practice to have strict physical security as well, said Marcus
    Barton, information services manager for Interactive Business Systems, a
    Brookfield computer consulting firm. 
    
    "There is so much hacking that occurs from within. One simple thing to do
    is lock up your computer so only you have access to it," Barton said. 
    
    TCA Insurance Inc., a life insurance agency in Menomonee Falls, has thus
    far relied on physical security to keep its records safe, but may
    implement more security policies soon, said the firm's president, Jeff
    LaSota. 
    
    Most of TCA's information is not private, but sensitive data such as
    health statistics for life insurance policies is not revealed to anyone in
    the company except those who interact with the insurance company. 
    
    Accounting and payroll is performed off-premise, so employees cannot have
    access to that information as well. 
    
    TCA's client files are kept on paper, rather than computer databases. 
    
    "Locked file cabinets are still a good way of protecting information,"
    said LaSota. 
    