Security: Cybercops to the Rescue

How secure is your company's computer system from cyberattack? Chances are, not very secure, if at all. In fact, if you don't have an aggressive cyberpolice force guarding your workplace, it's only a matter of time before your corporate data will be compromised. Hackers pose a constant threat, and even your most trusted employees may be using sensitive business information to harm the company.

Cybercrime is on the rise. Some industry security reports show an increase of 100 percent to 150 percent in cyberattacks on corporate computer systems in the past two years, notes Mark Fabro, managing director of Guardent Canada, a digital security services company based in Toronto. "The larger the business operation, the greater the risk. That's because they have the most to lose. But even small businesses are prone to attack, often from within," he warns.

Information is the great motivator in electronic break-ins. Once hackers get access to it,and they will if you let them,they will steal it for their own use or corrupt it so you can't use it anymore. "Information is the most powerful tool, surpassing money and market share," Fabro explains. He has more than 15 years' experience in protecting computer systems, including work with the University of Toronto and Goddard Space Flight Center, Greenbelt, Md. Fabro has briefed more than 25 government agencies around the world, including the National Security Agency and the Pentagon, on computer security issues.

Can cybercrime be stopped? You can effectively protect your business data, says Charles Phillips, a firewall engineer with Ft. Lauderdale, Fla.-based CyberGuard, a company that provides flexible Internet, intranet and e-commerce security products and services. But the solution takes recurring budget allocations and a commitment from management.

How much money should companies dedicate to cyberprotection? That's easy, Phillips says: "It depends on how long you want to stay in business." Phillips draws from his experience teaching administrators and IT technicians to be cybercops. He is a self-proclaimed "ethical hacker" who tells administrators how to plug the holes he finds in their security systems.

New Type of Loss Prevention

Call them what you want,computer technicians, Internet technology people, even corporate policy enforcers. They are digital detectives, charged with keeping your computers safe from unauthorized access. If you don't have one on staff yet, you should consider hiring one or training an existing employee. The computer network specialists you already work with should be able to help in determining your specific cybercop requirements. Digital security companies are also available to assess your security needs and make recommendations.

Cybercops watch what comes into your hardware from the Internet and analyze data about users. They must watch closely what employees send over the Internet, too. "There is a growing need for ethical specialists to watch for nonwork-related data within the work site," Fabro says, "because such activities by employees detract from available bandwidth and waste company time and resources."

Fabro notes that it is common for employees to set up e-commerce operations using corporate computers and operate their private businesses on company time.

"There isn't any organization with more than a few employees that doesn't have these problems," Fabro says. Dealing with these issues takes a managerial commitment to support the efforts that cybercops must make, he adds.

Fabro recommends three steps to ensure cyberspace security. First, the company needs an Internet policy for all employees. This includes every position in the company, from the receptionist to the CEO. Second, effective enforcement practices have to be implemented. Generally, this is done with network software that assigns access levels to each employee. Third, the cybercop must make spot checks of employees' online activities.

To see how vulnerable any business is to industrial spying antics, consider an incident involving garbage that occurred in New York not long ago. Information sniffers bought tons of garbage from private trash haulers. The new trash owners sifted through piles of discarded papers, looking for inside business details.

"That kind of thing happens all the time," Fabro says. Only with computer hacking, there are no garbage haulers to bribe. All that is needed is a back door into your computer network. "There are so many points of entry for hackers that no one is completely immune to an electronic break-in," Fabro says.

Fighting Cybercrime

Attacks by cybercriminals traditionally take three forms: They steal confidential information by hacking into a computer; they damage corporations' or employees' reputations through depositing defamatory information on a Web site; or they block access to a business site, forcing the server to shut down from an overload of e-mail. Blocked access is called a distributed denial of service. It happens when thousands of e-mail messages are generated from a virus that multiplies from unsuspecting users' computers.

A new form of cyberattack,the release of protected information,is one of CyberGuard's biggest security fears. Recent court rulings have made owners and operators of computer networks responsible for their employees' actions. "If a worker's reputation is damaged by the release of information through a hacker or disgruntled worker, the employer is left holding the bag," Phillips says. To protect themselves from such liability, businesses must direct their cybercops to interpret actions of workers that reflect on the ethical and moral standards in the workplace.

Cybercops must demand that all employees run frequent virus scans and insist that they not deactivate virus scanners when they boot their computers.

Enforcing the relatively new practice of egress control is probably the most unpopular aspect of policing cyberspace at work. Egress control means limiting employees' ability to go anywhere they want on the Internet or the corporate intranet. Software settings must block what the user doesn't need. "Sure, this is inconvenient, but it is necessary to stop new attacks," Phillips insists.

"The primary reason that LANs and intranets are being infiltrated is because [too] little of this kind of cybercop activity is done in the workplace," Phillips says. "The average corporate site relies only on a firewall. This does nothing to block internal threats." He admits that restricting egress puts cybercops at odds with fellow workers. But he says company managers must remember that they can be hurt, even by someone they trust.

No Time For Complacency

The issue of how to handle cybersecurity boils down to the classic story of how high you build the fence to keep out infiltrators, according to Phillips. "Just buying a firewall is not the sole solution," he says. "Company cybercops must be aware of all possible threats and address each one. The French Foreign Legion learned years ago that you can't build a wall and then go to sleep behind it, thinking you are safe."

Fabro says complacency is the biggest problem. "Most of the cybercops today are not paranoid enough," he says. Those who serve as corporate cybercops have to become less narrow-minded. "They need to explore all possibilities for computer attacks and information theft," he says. Without this type of aggressive policing style, security efforts are doomed to fail. "There is no extent that a rogue won't go to get into your computer," Fabro warns.