Over the past few years the business world has been forced to sit up and take notice of cyber crime. Hackers, viruses and malicious code have become increasingly active, causing downtime and data loss that cost valuable time and money. Now government organisations are also starting to implement strategic measures to alleviate some of these symptoms and to crack down on cyber 'gangsters'.
Approximately 6% of all business personal computers experienced an episode of data loss in 1998 alone. This percentage is divided between hardware failure, software failure, human error, computer viruses and theft, and has almost doubled in volume since then. Additionally, the ubiquity of the Internet provides great opportunity for business, but it also provides both incentive and mechanism for malicious attacks. These attacks may take a number of different forms: denial of service attacks, network penetrations and 'smash-and-grab' attacks.
The Electronic Communications and Transactions Act 2002 (ECT Bill) has been developed by the South African government in a concerted effort to protect businesses and consumers against such unlawful attacks. Chapter XIII makes the first statutory provisions on cyber crime in South African jurisprudence. The Bill introduces statutory criminal offences relating to information systems, including unauthorised access to data, interception of or interference with data, computer-related extortion, fraud and forgery.
Additionally, the Bill makes provision for cyber inspectors who monitor Internet websites in the public domain and investigate whether cryptography service providers and authentication service providers comply with the relevant provisions. They have been granted the powers of search and seizure, subject to obtaining a warrant, and can assist the police or other investigative bodies on request.
Open with care
E-mail-borne viruses have increased significantly, including the more destructive examples like NIMDA and Code Red, and without safeguards they travel extremely fast. One characteristic of recent attacks is that they are multidimensional, using multiple routes to enter a system. All security threats can be mitigated to some extent - some more easily than others - by a combination of good security configuration and good security practices.
Because you are exposed to the risk of being infected by a virus any time you receive and open an e-mail, get on the Internet or download and open files, here are some tips and tricks that you can use to protect your business.
Use a firewall! Firewalls act as a protective boundary between a network or individual computer and the outside world by shielding your system when you are online.
Do not open attachments from people you do not know and be careful about opening attachments in general, as they can contain dangerous viruses. Even when you receive an attachment from someone you do know you should be careful opening it if you are not sure about what the file contains. Many viruses are spread through being automatically forwarded to all the contacts in a person's address book, which means that you can receive e-mail with files infected by viruses from people you know.
Keep your software secure! You need to make sure that your business software remains current in terms of updates, security patches and enhancements.
While these safeguards and the additional protections offered by government agencies are strong protective measures against the threats posed by cyber gangsters, they are not infallible. Businesses should also maintain a documented internal security policy that is adhered to by all members of staff and updated on a regular basis. Security is a journey, not a destination - businesses need to stay ahead of the bad guys around the corner, who are not sleeping. You cannot assume that the security solutions you implemented last year are strong enough to meet the threats that have been developed this year.
The technology industry is now developing products and solutions that reflect its awareness and understanding of this problem.