|
|
|
Protecting Your Businesses from Hackers and
Viruses
As more and more companies are
establishing an online presence, they are increasingly opening their
systems up to attack by hackers. Following some basic procedures can
minimize the possibility of this happening.
Just as advances in technology
provide us with fresh opportunities and quicker ways of doing things,
they also make us more vulnerable. For instance, the more we rely on
modern forms of communication as new ways of conducting business, the
greater the risks.
In particular, the rush by small businesses to establish a presence on
the Internet, along with the growing number of companies taking up
e-commerce, has seen the emergence of a new threat with the potential to
create havoc on a widespread scale.
Everyone is in danger. You may not know it, but that missing file,
strange email or mysterious change to your website could be a sign that
you’ve been hacked.
According to Raoul Wegat, director at a computer security firm, hackers
usually deface websites by exploiting vulnerabilities or ‘holes’ in your
server’s software, especially Microsoft products.
“Microsoft has released patches to shut these holes. However many system
administrators are not aware that these patches even exist, hence the
amount of defaced websites we see these days,” he explains.
Patches are small pieces of programming that update applications like
Microsoft Outlook or Outlook Express to make them more secure.
The most popular technique used by the modern hacker is creating and
sending viruses, which can be transmitted as attachments to an email, as
downloads, or be present on a floppy disk or CD.
Andrew van der Stock, chief technologist with a security specialist,
says there are three major types of viruses: true viruses, Trojans and
hoaxes.
“The last two require the end user to execute the ‘payload’, which does
the infection and allows the malware (malicious software) to spread.”
Due to the widespread use of Microsoft operating systems around the
world, most viruses, or ‘worms’, could be more correctly termed
Microsoft Outlook viruses, because they only spread through Microsoft
Outlook or Outlook Express.
“These viruses and worms use flaws in Microsoft's design of Outlook to
spread. The damage they do includes sending personal documents to
everyone in your address book (mass-mailing), and deleting or renaming
files,” Wegat says.
But just as the potential impact of a particularly far-reaching nuclear
war can’t really be predicted, the potential impact of a particularly
far-reaching virus also can’t be measured.
The issue is beginning to be taken seriously however, and there are now
plenty of measures that small businesses can take to ensure they are
safe.
For example, ‘firewalls’ protect computer systems by refusing all
incoming emails or downloads unless you explicitly enable them, and are
considered to be a first line of defense in protecting private
information.
Unfortunately, there isn’t a simple solution.
Wegat explains that because most website hosting is outsourced, “you
really are at the peril of the web hosting company, so make sure you use
a reputable firm.”
According to Van der Stock, the best way to find out if your web hosting
company is safe against attack is to ensure that they keep up with
patches or service packs, regularly strengthen their servers, and
conduct regular internal and external audits of their security.
“Small and medium-sized business owners would be well advised to go to
their PC supplier and buy a volume license pack for virus protection,
preferably from one of the bigger players.”
“Virus protection is not a panacea. Make sure all data is backed up,
every night, and that backups are kept for at least a month,” he adds.
But while having your website tampered with or files deleted is one
thing, the prospect of external parties gaining access to things like
online payment and ordering systems is even more worrying.
This is where the potential exists for real money to be lost.
Wegat warns that while e-commerce transactions are usually safe because
the communication between a company’s browser and server is normally
encrypted (converted into code form), it doesn't stop there.
“If orders are forwarded by email to the website owner, they should also
be encrypted. Remember, emails are like postcards - anyone can read them
along the way.”
Wegat says that as the Internet will always be prone to attackers,
simply installing a firewall is not enough, and small business owners
should take measures to properly understand their threats, assets and
underlying risks.
“We need people to understand that there is a price to attacking
infrastructure and if they are caught, the price will be paid.”
Van der Stock agrees, saying that he believes the Internet will never
become hacker-proof, just like society is not criminal-proof.
“You can protect yourself however,” he says. “Don't open strange
attachments from unknown sources. Don't use guessable or dictionary-word
passwords. Don't download questionable software.”
“In short, being aware of the problem will go a long way to beating it.”
Useful Web resources include:
Americas:
How Computer Viruses Work
Europe:
Computer Viruses: Some Basic Information
Asia Pacific:
Who's afraid of the security nightmare?
|
|
