  |
 |
|
Research and retrieval of news articles by: SPECIAL NOTE TO ALL VISITORS: | ||
 |
|
CYBERCROOKS WINNING FIGHT FOR INFO ON WEBSource: Statesman.comPosted on April 15, 2008 Despite all the antivirus software, all the extra security features in your computer's operating system and all the government regulations intended to make the Internet a safer place, your personal computer and your personal data are as threatened as ever. If you couldn't already tell that from the latest e-mails offering to enlarge certain parts of your anatomy or - congratulations! - saying you won millions in a Netherlands lottery, consider some statistics released last week by tech security company Symantec Inc.: • The amount of spam flowing over the Internet grew by 16 percent in the second half of last year and now makes up more than 70 percent of all e-mail traffic. (Other Internet security companies put the proportion at 95 percent.) • The number of computers used for "phishing" Web sites - designed to trick users into giving up sensitive financial or personal data - more than quintupled in the second half of last year from a year earlier. • The amount of malicious code - computer-speak for viruses or other software designed to take over, shut down or steal data from computers - more than quadrupled last year. Symantec predicts there will soon be more bad software than good software in the computing world. "It's a constant black-hat, white-hat sort of game that's never going to end," said Neal Hartsell, vice president of product marketing for Austin-based computer security company TippingPoint Technologies Inc. "I don't think anyone would suggest that there hasn't been a lot of progress made in addressing the kinds of threats we dealt with three or four years ago," Hartsell said. "However, there's a whole class of newer threats that hackers are using that are more sophisticated than ever." No longer is the typical hacker a teenager trying to deface Web sites or shut down a government network for just for fun, Hartsell and others said. Today, the biggest threats come from criminals aiming to make money through Internet scams, stealing and reselling personal data, or blackmailing corporations with lost or stolen data. Finding them is tough, shutting them down can be tougher, and protecting every computer user is next to impossible. "Right now, the problem is unbounded," said Chris Rouland, chief technology officer for IBM Internet Security Systems. "There's basically an infinitely small chance that these guys will ever get caught, (and) the amount of revenue they generate is unlimited," he said. "It's really the perfect crime today." Some of the rise in computer threats is related to the fact that there are simply more computers than ever - not just desktops and laptops but also handheld devices, "smart" cell phones and other gadgets. And although computer security companies have a history of hyping problems to sell more products and services, the problems are clearly increasing, especially as companies and consumers rely more and more on the Internet to store, sift and swap data. "The front lines have in fact shifted," Symantec Chairman John Thompson told attendees at a computer security conference in San Francisco last week. "The battleground for security no longer revolves around the infrastructure; it now revolves around the information. And this wide- open world is full of confidential information everywhere." About 71,000 Georgia families are learning that first-hand. WellCare Health Plans Inc. said last week that private insurance records of about 71,000 members in Georgia were accidentally made available on the Internet for several days. Other recent disclosures of data breaches highlight the problem facing consumers, businesses and public agencies of every kind: • Texas A&M University said it accidentally posted the Social Security numbers of 3,000 students online. • Advance Auto Parts recently announced that hackers may have tapped into the financial information of some 56,000 customers who bought goods from stores in Georgia, Ohio and other states. • MTV Networks said an outside hacker tapped into the Internet connection of a laptop to access confidential data on 5,000 employees. • ChildNet, the child protection service in Broward County, Fla., said a stolen laptop contained the personal records of some 12,000 applicants. According to the nonprofit Privacy Rights Clearinghouse, major data breaches now occur almost on a daily basis, often because outside hackers tap into corporate databases, or lost or stolen laptops or storage devices fall into the wrong hands. More than 223 million data records of U.S. citizens have been exposed because of security breaches since January 2005, according to the group. Computer security companies now advocate that companies and individuals do more than just install and update virus software, passwords and firewalls to protect themselves and their data. "What's good enough today isn't going to be good enough in the future," Jim Bidzos, vice chairman of security company VeriSign Inc., said at last week's RSA conference. "We're still trying to fix things with Band-Aids ... and there are consequences of that that aren't very pleasant." For starters, access to data should be limited only to people who need it, security companies say. Unneeded data should be destroyed immediately. Access points to the Internet should be limited. At the same time, they say, portable devices such as laptops or handheld computers ought to be more secure. The use of devices such as portable USB memory drives should be limited. And public wireless networks, many say, should be avoided. Some say the government needs to get more involved, too. Trade groups for security vendors are beginning to lobby Congress for regulations that would force companies nationwide to implement data protection policies. Such a law would replace different data protection rules in about 40 states. Of course, the government has passed laws (remember the Can-Spam Act?), and security and software companies have advocated changes and introduced new products before. "What we really need is a federal law that will set one very high standard to protect consumers," said Thompson of Symantec. "Right now, too many businesses are leaking information just like a rusty bucket." How to be Web-wise• Use Internet firewalls and regularly update and install antivirus software. Check for and install software security updates. • Don't put credit card numbers or other sensitive information in the body of e-mails. Instead, use the telephone or a secure Web site. • Don't provide personal and financial information, especially on Web sites and in e-mails, if it's not absolutely needed. • Type the names of Web sites instead of using links provided in e- mails. • Click on the little 'lock' icons on Web sites to display the digital security certificate for the site. The address and organization listed on the certificate should match the name and address in your browser. If not, don't use the site. • Eliminate online accounts you don't use. • Don't open or reply to spam even if it appears to be from someone you know. Don't open or reply to e-mails from senders you don't recognize. • Limit the use of public wireless networks and don't sign on to public hot spots you don't recognize. They could be bogus sites set up by hackers. • Frequently change passwords; use security codes for home wireless networks. • Limit the number of access points to the Internet in your home or business. • Turn computers off when not in use.
E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes. |
|
ALERT  WebTrust Is Your Best Defense Against Privacy Breaches. Get WebTrust Working For Your Site. |