The Brevard Technical Journal

Are your computer networks safe?
Despite awareness, threats are constantly evolving

By Anne Straub
Brevard Technical Journal

Whatever your company is doing to protect its computer networks, do more, and more often.

That's the message software and information technology associations want to get out in a world they say is increasingly vulnerable to an attack on computer networks.

SECURITY TIPS

• Use protection software and keep it up to date.
• Don't open email from unknown sources.

• Use hard-to-guess passwords.

• Protect your computer from Internet intruders through firewalls.

• Don't share access to your computers with strangers.

• Disconnect from the Internet when not in use.

• Back up your data.

• Regularly download security protection updates.

• Check security regularly, such as when you change clocks twice a year.

• Make sure family members and-or employees know what to do if your computer becomes infected.

Source: National Cyber Security Alliance. See www.staysafeonline.info.

"Despite the heightened awareness, the gap is still growing. The threats are constantly evolving," said Jeri Clausing, spokeswoman for the Business Software Alliance in Washington, D.C. "Even though people are investing more in cyber security, more and more of our lives are being affected by cyberspace. It's not keeping up with the increased threat."

According to a recent BSA survey of more than 600 information technology professionals, 60 percent of those who are directly responsible for their company's network security believe that U.S. businesses are at risk for a major cyber attack in the next 12 months. A similar number think the risk of attack has increased since Sept. 11, 2001.

Although the organization referred to the terrorist attack on the United States, international politics isn't the only threat to network security. "It could be anyone," Clausing said.

Viruses, worms and denial of service attacks that overload networks to the point of shutting them down can wreak havoc on businesses and require continuous vigilance. "This is an ongoing process. Once a year doesn't cut it," said Shannon Kellogg, vice president of information security programs and policy for the Information Technology Association of America.

Billions of dollars were lost a few years ago when the "I love you" virus spread throughout networks. "Now think three years forward. The threats have evolved," Kellogg said.

Years ago, "the only thing you had to worry about was making backups," said Greg Teesdale, CFO of Melbourne-based AuthenTec. Today, email filters, hardware and software firewalls and daily updates for virus protection are just some of the measures that have become commonplace.

About six months ago, the company's protective systems detected an intrusion from a computer user at a Texas university. "He was just using our server to play games," Teesdale said. A simple email put an end to the breach. Another case required a reboot of saved information.

"It's a nuisance to deal with, but not real painful," Teesdale said.

His own company is part of the effort to protect computerized information. AuthenTec makes fingerprint sensors used to control access, such as to computers. One customer, a hospital, uses them to limit access to bedside charting. Only people whose fingerprints are enrolled in the system can get to the information.

"I use my fingerprint sensor on my laptop 25 to 30 times a day," Teesdale said. The sensor adds a level of protection in part because it eliminates the temptation to use a password that's easy for the user to remember - and easy for a hacker to guess -- to gain access to the computer. "I don't have to remember my password, so I can make it extremely complicated."

Other forms of security are available from companies that market products to protect networks. For example, a security package from McAfee Security would cost of about $60 per computer on a network. The strength of the company's sales, despite the current economic slowdown, indicates companies are seeking protection in increasing numbers, said Ryan McGee, director of product marketing.

That's a good sign to Clausing, whose organization is lobbying the government to include an entity devoted to cyber security under the Homeland Security department. She points to the effort to avert problems related to the change to Y2K as an example of the success that business and government can have when they work together.

"Our message is that people have to be aware. Y2K was a one-time thing. Cyber security is ongoing, and the threats change hourly, or by the minute," she said.

For more information on securing your computers, see www.itaa.org and www.bsa.org.