hackerAs more and more companies are establishing an online presence, they are increasingly opening their systems up to attack by hackers. Following some basic procedures can minimize the possibility of this happening.

Just as advances in technology provide us with fresh opportunities and quicker ways of doing things, they also make us more vulnerable. For instance, the more we rely on modern forms of communication as new ways of conducting business, the greater the risks.

In particular, the rush by small businesses to establish a presence on the Internet, along with the growing number of companies taking up e-commerce, has seen the emergence of a new threat with the potential to create havoc on a widespread scale.

Everyone is in danger. You may not know it, but that missing file, strange email or mysterious change to your website could be a sign that you’ve been hacked.

According to Raoul Wegat, director at a computer security firm, hackers usually deface websites by exploiting vulnerabilities or ‘holes’ in your server’s software, especially Microsoft products.

“Microsoft has released patches to shut these holes. However many system administrators are not aware that these patches even exist, hence the amount of defaced websites we see these days,” he explains.

Patches are small pieces of programming that update applications like Microsoft Outlook or Outlook Express to make them more secure.

The most popular technique used by the modern hacker is creating and sending viruses, which can be transmitted as attachments to an email, as downloads, or be present on a floppy disk or CD.

Andrew van der Stock, chief technologist with a security specialist, says there are three major types of viruses: true viruses, Trojans and hoaxes.

“The last two require the end user to execute the ‘payload’, which does the infection and allows the malware (malicious software) to spread.”

Due to the widespread use of Microsoft operating systems around the world, most viruses, or ‘worms’, could be more correctly termed Microsoft Outlook viruses, because they only spread through Microsoft Outlook or Outlook Express.

“These viruses and worms use flaws in Microsoft’s design of Outlook to spread. The damage they do includes sending personal documents to everyone in your address book (mass-mailing), and deleting or renaming files,” Wegat says.

But just as the potential impact of a particularly far-reaching nuclear war can’t really be predicted, the potential impact of a particularly far-reaching virus also can’t be measured.

The issue is beginning to be taken seriously however, and there are now plenty of measures that small businesses can take to ensure they are safe.

For example, ‘firewalls’ protect computer systems by refusing all incoming emails or downloads unless you explicitly enable them, and are considered to be a first line of defense in protecting private information.

Unfortunately, there isn’t a simple solution.

Wegat explains that because most website hosting is outsourced, “you really are at the peril of the web hosting company, so make sure you use a reputable firm.”

According to Van der Stock, the best way to find out if your web hosting company is safe against attack is to ensure that they keep up with patches or service packs, regularly strengthen their servers, and conduct regular internal and external audits of their security.

“Small and medium-sized business owners would be well advised to go to their PC supplier and buy a volume license pack for virus protection, preferably from one of the bigger players.”

“Virus protection is not a panacea. Make sure all data is backed up, every night, and that backups are kept for at least a month,” he adds.

But while having your website tampered with or files deleted is one thing, the prospect of external parties gaining access to things like online payment and ordering systems is even more worrying.

This is where the potential exists for real money to be lost.

Wegat warns that while e-commerce transactions are usually safe because the communication between a company’s browser and server is normally encrypted (converted into code form), it doesn’t stop there.

“If orders are forwarded by email to the website owner, they should also be encrypted. Remember, emails are like postcards – anyone can read them along the way.”

Wegat says that as the Internet will always be prone to attackers, simply installing a firewall is not enough, and small business owners should take measures to properly understand their threats, assets and underlying risks.

“We need people to understand that there is a price to attacking infrastructure and if they are caught, the price will be paid.”

Van der Stock agrees, saying that he believes the Internet will never become hacker-proof, just like society is not criminal-proof.

“You can protect yourself however,” he says. “Don’t open strange attachments from unknown sources. Don’t use guessable or dictionary-word passwords. Don’t download questionable software.”

“In short, being aware of the problem will go a long way to beating it.”

Useful Web resources include:

Americas:
How Computer Viruses Work


Copyright 2003, RAN ONE Inc. All rights reserved. Reprinted with permission from www.ranone.com.