http://www.al.com/business/mobileregister/index.ssf?/base/business/1194807233267130.xml&coll=3 By Kaija Wilkinson Business Reporter November 11, 2007 When retired U.S. Secret Service agent Gus Dimitrelos is called on to speak, the charismatic computer crimes expert tells of catching celebrity stalkers, serial killers and child predators using computer and cell phone data. But the Daphne consultant's business isn't all about cases that grab national headlines. Instead, he said, at least half is helping corporations prevent cybercrime or, when it occurs, finding out how it happened. Such crimes are more prevalent than some businesses realize, local exerts said. Among the top threats: theft of intellectual property, such as sealed bids or financial data; theft of personal information like credit card and Social Security numbers; and installation of malicious software including computer viruses that steal, corrupt or destroy data. Whether a business is dealing with fraud or general theft, Dimitrelos said, " the biggest threat is going to come from the inside." Finding who is responsible can get expensive. Dimitrelos, for example, charges $250 to $325 an hour. An security evaluation for a company with 700 to 1,000 or so employees can range from roughly $20,000 to $50,000, he said. The good news is that businesses can take relatively inexpensive steps to guard against fraud. Robertsdale-based Business Information Solutions Inc. has been hired by more than 600 area business clients in the past several years to design and maintain computer networks, including security systems, said Philip Long, chief executive officer. The company recently introduced a managed security service called Sentinel that starts at $79 a month for a basic service and can run around $500 for full maintenance and security. "With that we have a lot of real-time security auditing going on," Long said. Long said he tries to emphasize that businesses be proactive, rather than reactive, about computer crime. Still, he said, "you'd be surprised about the ones that aren't really concerned about (computer security)." Manufacturers, medical- related companies, law firms and banks are among those who tend to be most careful, Long said. Dimitrelos said his biggest client right now is national law firm Hunton & Williams, whose clients, in turn, include Federal Express and Coca-Cola. Companies are tight-lipped about what they do to protect themselves, but many acknowledge that it's crucial. Birmingham-based Regions Financial Corp. has several layers of protection in place, said spokesman Tim Deighton. "It's not just one person's responsibility," he said. "It's partly a technology issue, and it's partly a security issue. Obviously for a bank, it's vital." Computer security is no less vital for manufacturers like Atlantic Marine Holding Co., which protects information like bid and design details and financial data, said Herschel Vinyard, spokesman. Atlantic must also ensure that malicious software doesn't disrupt the flow of business, he said, adding that in shipbuilding, "computers are just as necessary as welding torches these days." Gabe Watson, senior network engineer at Mobile-based telecommunications company Southern Light LLC, said an employer's No. 1 line of defense is a firewall, a system that bars unauthorized users from a network or monitors information that travels between network and a personal computer. Southern Light manages firewalls for several large clients, including Mobile and Baldwin county public schools. Some have built-in content filtering, which prevents employees from sending or receiving profane e-mails or visiting questionable Web sites, but that typically is provided through a separate device, Watson said. Long said that it's important to monitor not only content coming in, but content going out. In the past 10 years, such security has gotten considerably more affordable, with a firewall with software that blocks spyware, viruses and pfishing sites starting at around $600 for a business with 15 to 20 users. But some security measures don't cost a thing, Long said, such as simply changing one's passwords often. Microsoft recommends every 21 days, he said. "Companies don't want to do it, because it's an absolute headache," he said. "But it's great because if somebody is (committing fraud) they can only do it for short period of time." Copyright 2007 Press-Register __________________________________________________________________ Visit InfoSec News http://www.infosecnews.org/
This archive was generated by hypermail 2.1.3 : Sun Nov 11 2007 - 22:16:08 PST