http://www.amcity.com/milwaukee/stories/1998/11/23/smallb2.html
November 23, 1998
Information security is challenge in technology age
Carlise Newman
When the technology age began several years ago, computer hackers were
commonly thought of as techie eggheads whose primary source of
entertainment -- aside from breaking into Fortune 500 company databases --
was playing Dungeons and Dragons, the cultish science fiction game popular
in the 1980s.
While those kinds of hackers still exist, the culprits of stolen company
information are often internal, and like large corporations, small
businesses need to protect valuable information as well.
"Small, growing businesses tend to be cash-strapped. They don't think they
have the money to invest in a security infrastructure," said Kelly
Hansen, president of Sun Tzu Security Inc., a network information security
solutions provider in Milwaukee. "They're playing the odds. Business
espionage is really, really popular right now."
Security should be a priority, but a business need not spend thousands of
dollars on products to keep information safe. It could be a simple matter
of internal file management, Hansen said.
File servers can be set up so that only people who need access to that
information may see it. Or, if it's affordable, a business may want to
invest in a firewall, a wall of software that keeps unauthorized users or
intruders outside a company's network.
When Hansen started her business in 1996, few businesses were thinking
about network security solutions. Now, most larger companies have systems
in place, and smaller companies are thinking about it as well, she said.
Businesses with multiple branches and sensitive information, such as law
firms or insurance companies, are likely victims of hacking.
Habush, Habush, Davis & Rottier, a Milwaukee law firm with 44 employees,
has begun to implement security in its 10 offices. Initially, the firm
installed layers of passwords internally, so only appropriate employees
have access to confidential information.
"Right now, we're just working on protecting ourselves internally, but
that will change," said Kevin Hood, information systems manager for the
firm.
He also is working on centralizing information to one branch, so that
accounting, administration and other department's databases are located in
the main branch, rather than scattered locations. Centralization will
lessen the chance of outsiders gaining access to the information, since it
will not be sent between different offices via the Internet or e-mail.
"The Internet scares me more than anything else," Hood said.
Businesses can never be entirely sure that their day-to-day business is
secure unless it is encrypted. Encryption keeps e-mail messages
confidential by scrambling messages electronically so that only the
intended recipient can unlock the information.
Also, strong computer password usage is encouraged at all levels of
business. A good password is one that uses both alpha and numeric
characters and both upper and lower case letters.
Hackers use lists of words and randomly picked alpha-numeric characters to
break into systems. One of the most common passwords used is "password,"
Hansen said.
Hansen warns businesses not to rely on their Internet service provider
(ISP) to secure information.
"ISPs are all about access, not security," Hansen said. "Small, local
ISPs especially do not offer any type of security when giving a business
access to the Internet."
For a business using electronic commerce, Internet security is extremely
important. Typically with e-commerce, a person may submit an order using
a credit card number through an electronic order firm on the company's Web
site. To hack through the site, all it would take is for someone to
submit a false order, Hansen said.
Most businesses don't know that if credit card numbers are stolen through
e-commerce, the credit card company will go after the vendor to pay for
damages, he said.
"If you have a really good firewall, that can't happen," Hansen said.
Another mistake businesses make is purchasing the firewall and then
setting it up themselves, Hansen said. In many cases, businesses have
installed the firewalls incorrectly and become victims of hacking, he
said.
But aside from all of the technical remedies for information security, it
is good practice to have strict physical security as well, said Marcus
Barton, information services manager for Interactive Business Systems, a
Brookfield computer consulting firm.
"There is so much hacking that occurs from within. One simple thing to do
is lock up your computer so only you have access to it," Barton said.
TCA Insurance Inc., a life insurance agency in Menomonee Falls, has thus
far relied on physical security to keep its records safe, but may
implement more security policies soon, said the firm's president, Jeff
LaSota.
Most of TCA's information is not private, but sensitive data such as
health statistics for life insurance policies is not revealed to anyone in
the company except those who interact with the insurance company.
Accounting and payroll is performed off-premise, so employees cannot have
access to that information as well.
TCA's client files are kept on paper, rather than computer databases.
"Locked file cabinets are still a good way of protecting information,"
said LaSota.
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Tue Dec 8 08:59:00 1998