Posted: 03.14.2008
Written by Philip M. Lyon, Commercial Vice President
Do you believe hackers have no interest in your company because they’re busy trying to crack security at large corporations or government institutions? You should reconsider.
Increasingly, criminals love infiltrating smaller businesses because, often with minimal effort, they can access useful, private information, in minutes; undetected. Many businesses have a false sense of security regarding technology and, as a result, may fail to take basic action necessary, including cyber insurance, to protect their data.
“My wireless network is secure.” Wireless networks out of the box are just slightly more secure than walkie talkies. Seriously, many wireless systems can be accessed by hackers running sniffer programs on laptops from their cars. During install, change the generic administrator password and turn off the router’s broadcasting of the network’s name (known as the Service Set Identifier, or SSID). Add Wi-Fi Protected Access (WPA) encryption software to make your wireless network tougher to penetrate.
“Our system is password protected.” Passwords are to computers as keys are to cars. Lack of easy access might slow a casual thief, but it won’t stop one with skill. Effective password cracking programs are available for free on the Internet. Fight back using lengthy passwords that include numbers, special characters, and both upper- and lower-case letters. Adopt extra system security, like re-set delays that prevent hackers from testing multiple passwords during short periods of time. Last, you wouldn’t leave your credit card under your keyboard, so don’t leave your password there either.
“I have a firewall. Nobody can get into my system.” Vital for controlling system access, firewalls have their limitations, including little or no antivirus protection. But, that is remedied by installing antivirus programs. Your primary concern: “configuration.” When you purchase a firewall, all the “locks” and “doors” are set to “open” and they must be configured appropriately. Your network administrators must have a solid grasp of network protocols and computer security because even small installation or maintenance oversights can leave a firewall useless against attacks.
“My system can’t be infected. I have antivirus software.” Most antivirus programs do an excellent job of preventing invasions from known threats. But, with between 200 and 1,200 new viruses detected every month, downloading antivirus updates and scanning systems must be regular maintenance items. Refrain employees from downloading applications from unknown sites, opening suspicious e-mail attachments; or using peer-to-peer file sharing sites. Create a “layered” approach to protection by installing antivirus software on your network, your e-mail system, and individual computers.
“What about insurance?” Innovative protection from insurers such as CNA is designed for companies that rely on computer networks. These products can cover a security breach resulting in privacy injury; identity theft; network damage resulting in theft of others’ information in your care, including trade secrets; and infection of others’ networks. In addition, costs to comply with applicable laws requiring customer or user notification if your security breach potentially compromise private information is available. Today, protection for network security, content and privacy liability are all available as insurance evolves to meet the dynamics of data security.
Phil can be reached at 586.977.6300 or pylon@alcos.com
