The Facts

Computer crime costs corporate America $10 billion every year! Don't be the next headline!

The Internet and the World Wide Web are the best way for your competitors to steal proprietary and confidential information. Your company's hard-earned strategic plans, manufacturing processes, marketing plans, intellectual property, financial data, merger/acquisition data, trade secrets, R&D plans, price lists, and customer lists are available to any of your competitors who want them badly enough.

"Competitors are the single greatest threat in computer crime" Richard Power, Computer Security Institute (CSI)

A joint CSI/FBI survey of 453 respondents indicates that 50% of those asked identify electronic snooping by competitors as a major concern. 36% had experienced electronic break-ins during the past year.

It is only going to get worse; consider the following: First, computing power has doubled every 18 month for the past 10 years. This trend will continue. It means that hackers can double their computer's ability to crack passwords every 18 months. Second, in 1990 only 15% of PCs were networked, today 50% are. International Data Corp.

As companies rush to get on the World Wide Web they are placing untrained and/or unsophisticated computer users in charge of system administration. This creates an opportunity for competitors to peek at your company's intellectual crown jewels.

A survey from ASIS reported that electronic security breaches increased from 1 every 3 months before 1980 to more than 30/month in 1995. Source: American Society for Industrial Security (ASIS) 1995 Intellectual Property Loss Survey of 310 respondents

Computer crime accounts for an estimated $10 billion in losses every year. Management Analytics, Hudson Ohio.

Another ASIS survey found that the value of lost information can have a significant impact on your company's bottom line. Source: American Society for Industrial Security (ASIS) 1995 Intellectual Property Loss Survey of 310 respondents

Electronic break-ins are almost undetectable and anyone can get the necessary tools from bulletin boards or the Internet.

"Vital data is stored on servers with wildly varying degrees of security and employees frequently discuss confidential projects on company wide E-mail system." Computer Emergency Response Team, Pittsburgh, PA.

According to another CSI/FBI survey, 46% of electronic espionage cases involve company insiders. The most likely candidates are disgruntled managers looking ahead to their next job.

What Can I Do?

If you think you're safe or your computer "guru" is telling you you're safe, don't count on it. Consider the following: That expensive firewall you just installed has holes in it. First, since most attacks are from the inside the best firewall in the world only works part of the time. Second, firewalls rarely prevent denial-of-service attacks which can crash your server very quickly. Third, most attacks are based on the content of files, not the form. Since no firewalls protect against damaging content, and they probably never will, you are still vulnerable. Fourth, many Web servers and browsers are already within the firewall so they can be used to launch other attacks. Also, don't ever let a computer security consultant sell you on the idea of 100% security. It doesn't exist.

What can you do to protect yourself from computer crime? Start by hiring a computer security consultant to perform a security evaluation. This usually takes a few days and the consultant will operate undercover. During the evaluation, the consultant will see how easy it really is for someone to get at your intellectual property. Paying a trusted security consultant to "hack" your system now is a lot cheaper than being beaten to market with a new product you developed but a competitor stole. After the evaluation, the consultant will make some specific recommendations to tighten security.

Regardless of the findings, the following steps should be taken with the help of the security consultant: First, strictly regulate intranets (company wide Web servers and browsers). Second, limit remote access as much as possible. Third, have someone monitor references to your company on the Web and Usenet. Fourth, use only a single encryption product that provides for a "key" repository. Fifth, institute a general E-mail policy that gives you access to all E-mail (several states have passed laws restricting access to your E-mail system without the permission of both parties involved in the E-mail dialog). Sixth, get rid of old E-mail from backup tapes. In a lawsuit it can be seized as evidence.

Computers are here to stay and so are the security problems that go along with them. The companies that will survive are the ones that take security seriously and take the steps necessary to protect themselves.