E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


IN COMPUTER SECURITY, PEOPLE ARE WEAK LINK

Source: The Atlanta Journal-Constitution

Posted on January 18, 2007

      A metro Atlanta health care firm recently spent thousands of dollars to safeguard its computers and protect patients' health records from outside hackers.

      During the upgrade, a man posing as a help desk worker asked a dozen employees in the firm's nursing, pharmacy and radiology departments for their access IDs and passwords.

      They complied with little hesitation, giving away access to the company's medical systems and network.

      Fortunately for the company, which is unnamed for security reasons, it was a training exercise.

      Corporate America spends millions of dollars a year trying to protect itself from cyber-predators. And still there are leaks. Boston security consultant Richard M. Smith estimates it costs American businesses millions more dollars to clean up the mess.

      While it's tempting to put the blame for corporate vulnerability on elaborate spy rings or shoddy software, the culprit is closer to home.

      "It's not necessarily a software issue," said Aaron Cohen, president and founder of the Hacker Academy in Chicago. "It's a people issue.

      "People are a company's biggest asset, but they also are the biggest vulnerability."

      What's leaked out is often carried out — unwittingly — on workers' laptops, flash drives and other portable media devices, say Cohen and other risk management experts. Or it's given away by chatty workers or those who've been duped by scam artists in a practice called "social engineering."

      "It's more or less the art of getting information that should not be given to the wrong individual, by any means necessary," said Cohen.

      That's what happened to ChoicePoint. The Alpharetta-based data warehousing company unknowingly gave scam artists access to credit reports on 148,000 customers.

      More recently, Emory University had to notify 38,000 cancer patients at three Atlanta hospitals that their personal information may have been compromised when a laptop carrying their data was stolen from a business contractor in Ohio.

      "[Companies] build fences around their networks so they can keep bad guys out, but they can't keep information in," said Larry Bray, director of technology risk management in the Atlanta office of Jefferson Wells, a company that runs risk assessment tests. "It's not malicious. It's more careless."

      For many companies, safeguarding the vulnerability is akin to the little Dutch boy with his finger in the dike.

      Deterring hackers has become a flourishing business for companies like Jefferson Wells. The 10-year-old Wisconsin firm runs tests for businesses that want to determine the vulnerability of their IT systems.

      Jefferson Wells focuses on four areas: financial operations, internal audit, tax and technology risk management. The latter has grown exponentially.

      As technology becomes more intricate, so do the risks.

      In the past, technology risk assessments rarely made the agenda of boards of directors or even executive management teams, according to a white paper done last fall by Jefferson Wells.

      "Today, it would be hard to find a board member of a major corporation who doesn't connect identity theft to the use of a computer and the Internet," the paper noted.

      Bray has seen it all. Camera phones used in boardrooms to leak sensitive information. Blog chatter that exposes a company's IT system. Super-powerful wireless local area networks, WLANs, that let outsiders grab confidential data at will.

      "It's like having a bank vault," Bray said. "But once you take the contents out, they're unprotected."

      The data breach problem has gained greater notoriety because of laws requiring companies to notify people when there's been data theft, says Smith, who owns Boston Software Forensics.

      The U.S. government has taken bigger steps to protect its information. A recent proposal would require federal agencies to encrypt their data.

      "So if there is a theft, very few people can read the data," Smith said. "It's really easy to see why there's a problem. Laptops have become more popular, and more people work from home or on the road."

      But he says significant damage has been kept to a minimum. "A lot of times laptops are stolen for resale, not the information on it."

      Still, the Jefferson Wells paper found increasing concern among companies in their ability to protect confidential information.

      The survey also found that far more companies had conducted technology risk assessments than in previous years. Despite the greater attention to threats, a third of the companies surveyed had never conducted any tests.





E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.



