
off-site workforce, also offers inroads for nefarious doings. Any hacker can sit in a Starbucks with a laptop and watch networks pop up, then pick whichever one strikes his or her fancy. “It’s a lot easier than figuring out how to bang on the firewall,” Song says. For a company, that means “your weakest password of your most gullible user is your new firewall.” All it takes is one dupe clicking on a bad link, and the whole organization is exposed.

Denning cautions against using free wireless networks to check email, because “you don’t know who else is on there.” Encrypted email — for example, accessed through a site beginning with “https” — is likely okay, she said, but otherwise, it could be a risk. (Google announced in January 2010 that it was switching all Gmail accounts to https encryption. See the sidebar for more tips on protecting yourself in cyberspace.)

With online transactions integral to so many businesses, it would seem that security would be among a company’s highest priorities. But that’s just not the case, many experts say. “Even the best companies are not as vigilant as you’d like to think,” says Jennifer Martin (’87), senior corporate counsel at the security software company Symantec. Despite the potential harm a cyberattack can cause, in actual dollars and damage to reputation, online security is still a business cost like any other, to be analyzed through the cost/risk matrix. Indeed, many companies do invest heavily in security, Martin says, but for others — even Fortune 500 companies — “it often takes an event for them to allocate the funds.”

Social networking has made a hacker’s job easier. “Their primary toolkit is social engineering,” says Martin, who prior to joining Symantec worked in the U.S. Department of Justice’s computer crime section and at Stroz Friedberg, a computer forensics company in New York. If someone raves on Facebook about, say, a hotel they just stayed at, a hacker can use that information in a phishing email. “The more you know about somebody, the easier it is to sound legitimate.”

Federal laws and regulations provide some protections, such as the FDIC’s Regulation E — which covers the rights, responsibilities, and liabilities of consumers and banks pertaining to electronic transfers of funds, including who’s responsible for what in the case of fraud — and the Sarbanes-Oxley Act, which requires any financial institution regulated by the SEC to have a certain level of technological security and undergo regular compliance audits. Likewise, any company that handles credit cards or offers financial transactions online could be subject to a consumer fraud investigation if they don’t meet minimal security requirements.

This is all well and good, but as history shows, hackers usually can dismantle any new safeguards they bump into. “As long as people can make money, they will,” Denning says. “The bad guys are pretty good at innovating.”

KEEPING SAFE IN THE DIGITAL AGE

With botnets, worms, malware, and phishers skulking around cyberspace, these tips will help you keep your computer, and all your private information, out of evil clutches. Our information was culled from “Symantec’s Guides to Scary Internet Stuff,” a series of kicky, informative videos on YouTube.

/// DON’T CLICK on email attachments from unknown or untrusted sources.

/// DON’T CLICK on links from within emails nor copy and paste; type the URL into the browser.

/// MAKE SURE you have a firewall and that it’s turned on.

/// ALWAYS UPDATE your software when you get a message to do so; a big thing these updates do is patch newly detected vulnerabilities.

/// INSTALL SECURITY SOFTWARE, such as programs sold by Symantec, McAfee, Trend Micro, and Panda.

/// KEEP IN MIND that your bank will never ask you to confirm details such as your account number via email; don’t fall for it.

/// LOOK FOR YOUR NAME. Phishing emails tend to say “Dear valued customer” or something similarly generic.

/// IF YOU’RE IN DOUBT, rest your mouse pointer on the link; this will show the real web address. If it looks something like “www.fredsbank.com/scamartist” instead of a legitimate address, such as citibank.com, don’t click.

/// Did we say DON’T CLICK?

LSA Magazine / SPRING 2011

PHOTO Ikon Images/Alex Williamson

Crime and Punishment  

Spring 2011 issue of LSA Magazine.
