Security is one of the fastest growing areas in technology today. Internet scams and hackers are more malicious and widespread than ever. For example, TJX recently announced that its computer system that stores and processes customer information was breached.
T.J. Maxx, Marshalls, HomeGoods and A.J. Wright stores in the United States and Puerto Rico and Winners and HomeSense stores in Canada were affected, as was information dating back to 2003.
The threat of hackers is so great that even the Department of Homeland Security conducted its own test cyberattack, called “Cyber Storm,” to determine reaction, recovery and coordination in response to a technical security breach.
This is a testament to a large and growing concern about computer and data security across all industries in the U.S.
Additional Viruses Ahead
New viruses are introduced daily and spammers use worms to create “spam zombies,” which clog inboxes, steal passwords and introduce Trojan Horses that allow for unauthorized remote access to a computer. This means no network — large or small — can afford lax security standards.
Organizations are constantly under attack and none can afford the risk of an unsecured network. Security breaches can be detrimental to customer relations, but they are also damaging to a company’s finances.
All it takes to sabotage a network is one person. It’s as simple as uploading a program that opens back doors into administrative computers, turning an entire computer system into a spammer’s playground.
More Passwords, Please
Networks should be secured by passwords. Even better, they should be turned off while not in use. Passwords are imperative to data protection.
The sharing of passwords can be extremely harmful to a system. Therefore, policies enforcing password changes every 90 days should be considered for every organization.
Virtual private networks (VPNs) utilize effective intrusion prevention and detection devices such as firewalls, antivirus and spam-filtering tools. With the simple click of a mouse, security updates can be applied and new viruses that circulate around the globe can be eliminated.
Monitoring of e-mail systems, along with daily system backups, ensures that problems are detected quickly and are fixed before further damage is caused.
Networks can be affected by both internal and external threats. Intrusion detection can segregate and isolate a subnetwork — or even a single machine — if security levels have been compromised or if they have yet to be updated from a central server.
No organization can hide from this phenomenon and the serious outcomes it brings along. California’s Hacker Law requires businesses and government agencies to “notify individuals when unencrypted personal information in the categories of Social Security number, driver’s license number, account number, or credit or debit card number has been accessed in a computer security breach.”
Security experts are employed by many organizations and can provide network assessment and maintenance. One can take the following small and relatively inexpensive steps to greatly reduce security breaches and hacking:
- Guard the gates. Firewalls should be properly installed and configured. Sometimes authorized and well-intentioned technicians leave “back doors” open to make it easier for them to provide support; these must be closed. If there are modems in use, even occasionally, they should be secured by passwords — or better still, turned off while not in use.
- Secure the servers. Make sure the server software is kept up-to-date and that the latest security patches are regularly and promptly installed.
- Defend the desktops. Similarly, make sure the desktop software updates are installed regularly.
- Apply antispam and antivirus measures. Low-cost software packages and service plans, available from many reputable providers, are easy to put into place. (Note: These also must be regularly updated.)
- Protect the passwords. Do not share passwords; make sure all employees have — and use — their own password(s) at all times. Enforce a policy that requires changing passwords every 90 days or more frequently. Also, be sure that user accounts for former employees and contractors are quickly disabled.
- Keep quiet. Many hackers obtain information that allows them unauthorized access simply because they ask. In these scams, a hacker might pose as a potential job applicant, a phone company technician or an Internet provider support representative. Too often, employees — while trying to be polite and helpful — unwittingly reveal crucial information that helps the hacker gain access.
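The "Protect the passwords" step can be checked mechanically. The following Python audit is an added example, not part of the original article: it assumes Linux-style /etc/shadow account records, and the sample entries and the leaver list are constructed for illustration.

```python
from datetime import date

MAX_AGE_DAYS = 90  # rotation interval from the "Protect the passwords" step

# Constructed sample in /etc/shadow layout (not real accounts or hashes):
# name:password:last_change_day:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
alice:$6$constructed$hash:19700:0:90:7:::
bob:$6$constructed$hash:19500:0:99999:7:::
carol:!$6$constructed$hash:19400:0:90:7:::
dave:$6$constructed$hash:19690:0:90:7:::
backup:*:19000:0:99999:7:::
"""
FORMER_STAFF = {"carol", "dave"}  # hypothetical list of leavers from HR


def audit_shadow(text, former_staff, today, max_age=MAX_AGE_DAYS):
    """Return {account: [findings]} for accounts that break the policy."""
    today_days = (today - date(1970, 1, 1)).days  # shadow dates count days since 1970
    findings = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 5:
            continue  # comment, blank or malformed entry
        name, pw, last_change, max_days = fields[0], fields[1], fields[2], fields[4]
        if pw.startswith(("!", "*")):
            continue  # locked or no-login account: nothing to rotate or disable
        issues = []
        if name in former_staff:
            issues.append("former employee account still enabled")
        if pw == "":
            issues.append("empty password")
        if not last_change.isdigit():
            issues.append("no password change date recorded")
        elif today_days - int(last_change) > max_age:
            issues.append(f"password is {today_days - int(last_change)} days old")
        if not max_days.isdigit() or int(max_days) > max_age:
            issues.append(f"no {max_age}-day expiry enforced")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    report = audit_shadow(SAMPLE_SHADOW, FORMER_STAFF, date(2024, 1, 1))
    for account, issues in report.items():
        print(f"{account}: {'; '.join(issues)}")
```

On a real system the input would be the contents of /etc/shadow, read with root privileges, and the leaver list would come from HR records.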
Preparing for potential data threats is a critical component of business and can literally save a company. Businesses that fail to take security precautions run the risk of seeing hackers help themselves to private information.
Bill Abram is president and founder of Pragmatix.