How to protect your computer from hackers

David Strow   Special To The Business Journal

The advent of the Internet has revolutionized American business. It's also revolutionized the business of corporate espionage and sabotage.

By some estimates, computer-related crime costs American businesses $300 billion a year. Though hackers can be stalled, there's little anyone can do to stop it completely.

"If someone has the will, capability and desire to breach your network, there's a pretty good chance they'll be able to breach it," said Scott Gordon, vice president of the International Computer Security Organization. "Anything exposed to the Internet could threaten your network."

Many hackers fall into the stereotype of the young teenage troublemaker. But in the majority of cases, experts say, the intrusions involve employees.

In a 1996 study, WarRoom Research LLC discovered that 58 percent of companies asked reported that they'd detected an attempt to break into their systems. Eighty-two percent of those companies reported at least one successful breach.

Those intrusions were more than just an embarrassment. Two-thirds of victims reported that the attacks cost their company at least $50,000. Seventeen percent reported the cost at $1 million or higher.

What to do

So what can a company do?

First, recognize that no system can ever be secure. If the CIA can fall victim to a hacker, so can you.

Accordingly, be careful with the type of information put on a network. If it is so mission-critical that it could bring down a company if stolen, think twice about putting it on a network that's accessible from the Internet.

Obviously, much of a company's information must still be computerized. To secure the network, look for "back doors" in your system, Gordon recommends.

A good example of a back door is an old FTP (file transfer protocol) or telnet site on your Web server. Though it may not be in use, it can be found and used by intruders.

CGI, a language used to allow visitors to interact with a network through a Web site, can also cause trouble. Flaws in a CGI program can be used by a hacker to penetrate a Web site - so be sure to carefully examine and test CGI scripts to ensure security.

Current is better

Second, keep your security software constantly updated. Hackers often attack through older software programs, since their vulnerabilities have already been discovered and disseminated.

Necessary security packages include encryption software and programs that monitor network activity and report anomalies.

Third, never use a security program "out of the box," but configure it to your specific needs. By not doing so, you're taking two risks - one, that intruders will be able to use an already discovered back door in the software; and two, that the factory settings won't cover a particular security need.

Fourth, remember that most computer crimes come from the inside. As a result, issue passwords, and be sure to limit each user's access to only the necessary systems.

David Strow is a reporter with the Triangle Business Journal, a sister publication.