Internet security is like road safety: both are governed by laws and policed for violators, but ultimately, ensuring both is a matter of individual defensive skills. Unfortunately, Internet safety presents as many potential hazards as the nation’s highways, and the ramifications are far wider in reach. Worms, spyware, and viruses can infect thousands of PCs in mere minutes, destroying information, corrupting applications, and sometimes even totaling computers. Identity theft is another major concern as individuals and businesses wrestle with protecting personal information from unauthorized access.

On a larger scale, companies must protect against unauthorized access to client data and proprietary applications as well as network attacks. Security also involves testing business partners’ and service providers’ systems and applications to ensure compliance with your company’s standards. At a minimum, those standards should mandate data encryption and applications that identify and authenticate servers.

Security threats do not all stem from the outside. Security also encompasses compliance with confidentiality laws such as the Gramm-Leach-Bliley Act and HIPAA regulations. Systems and applications must be designed to protect sensitive data, and customer service representatives must be trained on what, how, and when information can be shared, as well as with whom.

As Internet communications and e-commerce become increasingly integral to companies’ business processes, these issues become harder to manage. To maintain user trust and integrity, corporate perspectives on network security have transitioned from intrusion detection to intrusion prevention.

Protect Your PC
For systems running Windows XP, the latest service pack has a built-in firewall that monitors incoming information. Even so, third-party antivirus software is still recommended as an added layer of protection. For all other operating systems (including earlier versions of Windows), install the best antivirus program available and enable automatic updates. If your PC does get slammed to the point where it is not responding or will not boot-up, one simple fix is to select the set-up option during boot-up. Look for “system restore” and select an earlier configuration. This may get your PC operating enough to install antivirus or spyware software to fix the problem. And remember: Nothing replaces regular data backups.

Stop Identity Theft
Don’t transmit personal information over the Internet, particularly if you didn’t initiate the contact. Scammers are becoming increasingly sophisticated. One con duplicated a bank’s logo and Web design style in an e-mail asking recipients to “update” their personal information. When you do transmit personal information over the Internet, make sure it’s a secure Web site. Secure URLs start with “https” rather than “http.” The “S” represents “secure,” meaning the data is encrypted. (A small lock icon denotes this.) When storing personal data on your computer, use password-protected folders. If you suspect an intrusion when you are online, immediately disconnect from the Internet.

Secure Proprietary Data and Systems
Data encryption, secure Web sites, user passwords, and privilege-based user access to data are all effective tools to protect corporate and client data. Even so, companies must continuously update and enhance network security to prevent attacks and intrusions.

Screen scraping is one of the newest security concerns. This occurs when an unauthorized individual or company accesses your system’s data with a valid user ID. These unauthorized users may steal data or pirate proprietary applications to duplicate your company’s services. More than one company has been launched by screen scraping. American Airlines won a lawsuit that included a cease-and-desist order against a travel service using information taken without permission from American Airlines’ public ticket-pricing Web pages. In another case, Google was sued for copyright infringement by a company whose licensed users were posting the company’s private data on unprotected pages that subsequently appeared in Google’s search results. Although Google did not steal the information, per se, the plaintiff claimed that without Google’s open searching technology, its information would not have been accessible to the public. Such abuses and invasions only continue to grow along with the Internet. Companies that don’t develop and evolve their IT security place their entire business at risk.

For commercial Internet applications such as, password administration provides simple yet effective front-line protection. Password administration also serves as an ideal example of how IT security has to evolve. Early password systems that allowed as few as four alpha or numeric characters are easily hacked. Today, true protection requires longer passwords comprised of both alpha and numeric characters. Passwords should not be stored in the system, and only the user should have the ability to reset the password. This not only enhances security but also makes the user accountable for data accuracy and access.
Systems also must automatically prompt users to change passwords periodically and not allow passwords to be re-used. Users who do not log in within a certain timespan - e.g., 90 days - should be de-activated.
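
The password rules above, sketched in Python as an added example (not code from the original article). It reads “passwords should not be stored” as keeping only a salted PBKDF2 hash, which is an assumption, as are the minimum length, rotation interval and history depth; the 90-day inactivity limit is the article’s own example value.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta

MIN_LENGTH = 12                         # assumption: the article gives no number
MAX_PASSWORD_AGE = timedelta(days=90)   # assumption: rotation interval
MAX_INACTIVITY = timedelta(days=90)     # the article's example value
HISTORY_DEPTH = 5                       # assumption: old passwords remembered

def _digest(password, salt):
    # Only this salted, slow hash is kept; the password itself is never stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def check_composition(password):
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isalpha() for c in password):
        problems.append("needs a letter")
    if not any(c.isdigit() for c in password):
        problems.append("needs a digit")
    return problems

class Account:
    def __init__(self, now):
        self.history = []            # (salt, digest) pairs, newest last
        self.changed_at = self.last_login = now
        self.active = True

    def set_password(self, password, now):
        problems = check_composition(password)
        if any(hmac.compare_digest(_digest(password, s), d) for s, d in self.history):
            problems.append("password was used before")
        if problems:
            return problems
        salt = os.urandom(16)
        self.history = (self.history + [(salt, _digest(password, salt))])[-HISTORY_DEPTH:]
        self.changed_at = now
        return []

    def login(self, password, now):
        if now - self.last_login > MAX_INACTIVITY:
            self.active = False      # dormant accounts are switched off
        if not self.active:
            return "deactivated"
        # With no password set yet, compare against an empty digest so login fails.
        salt, digest = self.history[-1] if self.history else (b"\0" * 16, b"")
        if not hmac.compare_digest(_digest(password, salt), digest):
            return "denied"
        self.last_login = now
        return "change required" if now - self.changed_at > MAX_PASSWORD_AGE else "ok"
```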