Keeping Corprate Networks Secure

In 1984, George Orwell’s protagonist Winston Smith knew that “Big Brother” was watching—monitoring his movements, listening to his conversations, and manipulating the public’s information. In 2003, a host of unseen entities can see what we do, read what we write, and steal our identities with no indication of intrusion. They need only to slither into our networks and seize the files stored on our computers’ hard drives.

Those who are responsible for maintaining data security in the corporate environment have a daunting task: to continually educate themselves about new and evolving threats and develop strategies for protecting against them.

What kind of information is on our computers?

Computers track every single thing we do on them. In addition to the data files we knowingly create, they record the keystrokes we use, the Internet sites we visit, the files we download, the chat rooms we frequent, and all correspondence. If we balance financial accounts, pay bills, and place orders online, all the relevant information remains stored on our hard drive for prying eyes to find.

Much of this data is retained in hidden files, so we can’t see it. Many people think deleting files, clearing our browser’s cache, or even reformatting our hard drive erases this information, but that is not the case. Anyone who knows what to look for and has the right tools can find this information and use it against us.

Corporate computers store confidential business and client information as well. Computerized ATMs log every transaction we make, along with our account numbers and balances. Pharmacies track our prescription records, and hospitals track our medical records. Employers maintain personnel files that include our social security numbers, addresses, phone numbers, and employment histories. If these records are not completely secure, our privacy is jeopardized.

How do these files become vulnerable?

There are many avenues by which thieves can access confidential files. Corporate networks are susceptible to security breaches through “back doors” in software and hardware. Trojans, viruses, monitoring software, and spyware can surreptitiously broadcast personal information from any Internet-connected computer. Even retired computers that have been “wiped clean” are often ticking time bombs containing sensitive information that can be harvested. In fact, when students at MIT undertook a project to study computers that had been discarded or sold, they were able to retrieve a great deal of personal information from them.

What does this mean for corporate security?

It is absolutely critical to regulate access to the corporate network and file structure. In the wrong hands, confidential company documents, such as financial reports, marketing research, and product and business development plans, can reveal corporate secrets, enable destruction of intellectual property, and facilitate embezzlement of funds. In legal matters, records, correspondence, and e-mail files can assist with the resolution of disputes and criminal cases, but it may be necessary to seek out those files when someone has attempted to delete them or reformat the drive where they are stored. In the interest of ensuring employee and network integrity, employers can install monitoring software to pinpoint unethical behavior or misappropriation of corporate resources.

The foremost responsibility of a security strategy is to protect confidential information, and a business can be held liable when data is compromised. A comprehensive plan must be in place to ensure confidential information remains secure. This should include documenting storage locations, data backup, disaster recovery scenarios, disk retirement procedures, trade secret protective measures, and strict policies for confidentiality and privacy. Failure to protect confidential information can have dire financial repercussions.

That same failure can also lead to identity theft, which is one of the fastest growing threats to our security. In a 2002 press release, the Justice Department warned that as many as 700,000 people per year may become victims of identity theft. Thieves relentlessly search for security lapses in corporate networks. All it takes is one opportunity to access our personal information, and they can clean out our bank accounts, play havoc with our lives, and lead us on an expensive and frustrating odyssey to restore our good names.

How can we help protect your company?

The number of issues to consider when selecting a corporate security solution can be overwhelming. First Net Web in conjunction with Answers Private Detective Agency offers a full range of research, evaluation, and protection services to help you attain your goals. With our assistance, you will be able to:

●assess network privacy and locate threats to network security

●evaluate network liability and recommend an effective strategy to meet all requirements for storing, documenting, and protecting data

●monitor network and computer activities to determine use and misuse

●analyze hard drive content, identify potential sources of data, and extract data by using a chain of custody and documented methodology that can be testified to in a court of law

●ensure that information is completely erased from retired equipment so that it can never be recovered