|
There
are certain inventions that have occurred over the last thirty years that I call
integral. By this I mean inventions that have integrated themselves into
life in such a way that, while we know that there must have been a way of doing
it before, we really can't remember it and we don't want to go back to it.
Microwaves fall into this category (my children don't believe that you can make
popcorn any other way), along with photocopiers (remember mimeographs?), word
processing programs and, of course, e-mail.
In
the business world, e-mail has quickly established itself as the lifeblood of
communication. Electronic messaging has been recognized as an efficient
means of communication that is quicker and cheaper than traditional methods.
E-mail is also now mission-critical to any enterprise. Watch the looks of
consternation and loss that happens in a corporation when someone pronounces,
"the server is down."
Personal
e-mail is also of supreme importance. We easily communicate with our
children and parents and others that are “on-line.” E-mail makes it possible
for me to send this article from
Saudi Arabia
to an editor in
Egypt
who could have it on a website read by a user in
Calgary
, literally within minutes.
But
e-mail has a downside, one that is causing consternation throughout the vast
communication enterprises. E-mail is also the most likely source of
penetration and disruption of a corporate network or personal computer.
Spam,
chain mail and e-mails with inappropriate or offensive content are enough by
themselves to give computer users headaches and security personnel nightmares.
Not only do they cause loss of productive time, waste of bandwidth and storage
space, they can also be sources of embarrassment and great expense if someone
decides to sue you or your company for what might be in your now publicly
revealed data store.
Another
serious concern is information leaks -- whether an organization likes to admit
it or not there is a greater risk of crucial data being stolen from within the
company than outside. A 1999 survey revealed that 21-31% of workers in
Fortune 500 companies admitted to sending confidential --like financial or
product -- data to recipients outside the company by e-mail. In addition
there is increasing concern over e-mail interception and tampering.
Viruses,
though, are still the major e-mail security hazard. The ICSA 2000 Computer
Virus Prevalence Survey showed that 87% of all viruses are being transmitted by
e-mail or through the Internet. What viruses can do and how they infect a
system via e-mail seems to be limited only by the imagination of the virus
writers. As Melissa showed in early 1999 and Blaster and SoBig.F this
year, it doesn't take much time for a virus to spread and start making mischief.
Failure to guard against e-mail borne viruses is an open invitation to disaster.
Time
to Put an End to Ignorance
Personal
computers (as opposed to those located at a business) have been around for a bit
more than fifteen years and in the past 4 years have become as common as
telephones. Individual users have proven to be the weak link in anti-virus
defenses. The simple fact of the matter is that most users don’t take
simple precautions to protect themselves, their computers and their data against
intruders. As SoBig.F has recently shown, an improperly protected system
can be raped – forced to submit to unwanted acts, data ripped from it,
financial data distributed, personal information exposed. This unpleasant state
of affairs could be prevented if the user took a few moments to learn some basic
steps to protect him or herself and her computer – and most importantly the
information contained within. What should you do?
Install
Anti-virus Software
The
need for an anti-virus engine should be obvious. Failing to have a
technological response to potential virus attacks, in my opinion, is so foolish
as to be criminal -- at the very least it demonstrates incompetence and a
flagrant disregard for personal assets. How many people leave the front
door unlocked, cash on the table and the keys to the safe deposit box laying
around? There are a variety of readily available products, including
McAfee, Norton Anti-Virus and many others. But don’t stop with just the
scanning software.
New
viruses come out every day. To combat this, anti-virus companies provide,
usually free of charge, updated “definition files” (the name may change
slightly). If you have a computer, you should visit your anti-virus
engine’s site at least once a week and obtain and install the latest update.
Then
There’s You
At
the same time relying solely on an industrial strength anti-virus scanner is
false confidence because it does not take into consideration one of the most
important factors in anti-virus defense -- an educated user – and you need to
be one.
So
far all of the viruses that have been wreaking e-mail havoc have one thing in
common -- someone had to activate them. That person was the recipient, who
from ignorance, carelessness or just a momentary lapse in cognition
double-clicked on the file they had received and landed up sending it to
everyone in their mailbox, crashing their own system, sending off the company's
entire password file, launching a nuclear strike and other nasty things
depending on the particular flavor of malware. A single virus could bring
down an entire e-mail system for days -- and in the case of one like the SirCam
worm, send sensitive documents out within moments to everyone in the user's
address book. Viruses such as the Love Bug and SoBig.F have cost companies
literally billions of dollars in downtime. The vast majority of these
inadvertent activations happened before the virus made a media splash or
anti-virus software was available for it. The lack of technology was not
the real issue, a poorly trained user was.
Not
surprisingly, nearly all the virus attacks taking place today feed on users’
lack of knowledge about security. It is time to devote a portion of your
time to comprehensive education of yourself and other family members. And
you need to make it a constant process in order to minimize the impact of
viruses.
Simply
stated, not educating yourself and your family members -- and assuring they
understand and act on what you learn and share with them leaves your personal
computer – not to mention corporate networks -- vulnerable to penetration and
cyber-vandalism.
Failing
to protect your data by understanding what to do and how to do it makes as much
sense as sending your bank information to the child of a deposed African
politician or general who e-mails you out of the blue.
*
David W. Tschanz
is a Microsoft certified systems engineer, web
developer and writer of computer-related articles.
He is also a medical/military historian, an epidemiologist, an editor
and a demographer. You may contact him by sending your emails to: Desertwriter1121@yahoo.com.
|
