The Computer Security Institute's latest "Computer Crime and Security Survey" confirms that cyber–attacks continue to plague American businesses and institutions. Ninety percent of survey respondents experienced security breaches within the last year, and eighty percent suffered financial losses. The 223 respondents who could calculate the financial costs reported total losses of over $455 million.1
Noting that most of targets of cyber–attacks are large businesses or government institutions, Richard Hanley, a professor at Quinnipiac University's School of Communications in Hamden, CT, says that "the probability of an external hacker gaining entry to your system is actually quite slim." Nevertheless, hackers prowl the Internet looking for easy, vulnerable targets, so it's imperative that you take measures to protect your data and computer hardware.
Remember that there is no foolproof system to combat hackers. Abiding by the following checklist, however, will help reduce your susceptibility.
Buy the latest in anti–virus software, and update it regularly – at least twice a week. Virus infections often occur because users assume that they don't have to do anything once the software has been installed.
This sounds like a lot of work, but fortunately many anti–virus programs, including McAfee's Anti–Virus program, provide "automatic updates", in which your virus detection system scans the vendor site for an update anytime you're online. When you use auto–updates, you won't need to purchase new software. All you'll have to do is re–register each year (typically for around $10 or $15) on the manufacturer's site. (If you wish, of course, you can buy new software packages each year or so instead, and then take advantage of the online upgrades included in the package).
To make sure your virus software is engaged, click on the virus icon on the bottom right hand of your computer screen. "Auto Protect" should be marked as enabled, unless you're installing new software.
Buy firewall software (in addition to virus protection software — you need both). Anti–virus software scans incoming documents, files, emails, and software, while a firewall blocks hackers from using your Internet connection to tap into your computer. It used to be that you needed a firewall only if you had cable, DSL, or other always–on, high–speed access, but now all Internet (including dial–up) can be exploited by viruses. You also need a firewall if you have a Web site, whether you host the site yourself or employ an outside hosting company. Once you've installed a firewall, click on the icon on the bottom right hand of your computer screen and make sure that "Auto Protect" is enabled.
Remember: if you host an e–commerce site with an outside company, make sure they use the latest SSL or SST encryption technology to protect the personal information of your customers from hackers. SSL and SST are the standards in encryption technology.
The vast majority of small businesses are leaving themselves open to attack," says Andrew Moloney, a manager for entry–level systems at 3Com. "Very few of them are installing firewalls because they think they're being protected by their hosting services."
Another helpful — and affordable — software program is BlackICE, an intrusion detection system that will notify you whether and when hackers have tried to tap into your network. This program, unlike anti–virus and firewall software, is not a must–have, but if you have a lot of sensitive data on your network (such as financial records or sensitive intellectual property) or an e–commerce site (where you'll likely have sensitive customer information) this software will give you an extra layer of protection — and greater peace of mind.
"Do not take a 'this can't happen to me' attitude," says Hanley. He urges businesses to determine when, and which, employees can access what data and systems. Passwords help ensure that only authorized users access your system. Set up passwords for all of your databases and require employees to change them every thirty to ninety days.
Dr. Kathleen Sindell, author of SafetyNet: Protecting Your Business on the Internet, says you should set up passwords for all of your programs, including Word® and Excel®. "If you don't set passwords for these programs, anyone can access them using vendor default passwords." You can learn how to set up passwords for Word and Excel by visiting the Microsoft site and looking up passwords under the respective program.
You should also back up your file registry, which is a database containing nearly all of the setting for Windows® and your installed applications. It also contains operating instructions for your computer and its programs and, for this reason, is a common target of cyber attacks.
Many computer viruses will spread by infiltrating computer users' e–address books and sending out infected emails to their friends. In other words, just because an email is from a familiar sender doesn't mean isn't necessarily friendly. If you receive a suspicious or unexpected email attachment, scan it in Outlook® or Outlook Express® (don't open it!). Scanning it will allow you to glimpse the contents without unleashing potential viruses. (Learn how to scan for email.) If you receive a suspicious or infected email, delete it, empty your trash, and alert the entire company.
Never open a file called "readme.exe", the tell–tale sign of the Nimda worm. Also be extra cautious about other executable attachments, specifically files that end with exe, vbs, or shs.2
Since Windows® does not show file attachments as a default, here's what you need to do in order to see file attachments: double click on "My Computer", then click "View Menu" and select "Folder Options". In the "Folder Options" dialogue box that appears, click the "View" tab and de–select the option "Hide file extensions for know file types". Finally, click OK.3
Microsoft regularly issues patches to plug any holes that hackers might find in Internet Explorer. You can find the latest patches at Microsoft's Web site.
Dr. Kathleen Sindell advises that you also watch out for bogus security patches. If you receive an email telling you to click onto a link to receive a security fix; ignore it — unless it comes from the computer systems administrator in your office.
The steps outlined so far apply to homes and small businesses. If you own or work for a large company, you'll also need more robust protection, since hackers often go after larger companies to attract media attention. You should consider investing in a dedicated systems administrator and a powerful intrusion detection system. Souped–up intrusion detection software can cost between $2000 and $12,000. Popular programs include Axent NetProwler, Cisco's Secure Intrusion System, Computer Associates' Session wall, Internet Security System's Real Secure, and Network Ice, among others. You may also want to consult with a cyber security firm.