Defining, Identifying and Limiting Cyber Crime

A vast amount of information is now stored on computer servers and databases, and it’s growing every day. Because that information has great value, hackers are constantly looking for ways to steal or destroy it.

Cyber crime is one of the fastest growing areas of criminal activity. It can be defined as any crime where:

  • A computer is the target of the crime
  • A computer is used to commit a crime
  • Evidence is stored primarily on a computer, in digital format

Types of Computer Intrusions

Computer intrusions can come from an internal source, such as a disgruntled employee with an intimate knowledge of the computer systems, or an external source, such as a hacker looking to steal or destroy a company’s intangible assets. Hackers use a variety of ways to steal or destroy your data:

  • Viruses – A virus is a small piece of software that attaches itself to a program currently on your computer. From there, it can attach itself to other programs and can manipulate data. Viruses can quickly spread from computer to computer, wreaking havoc the entire way. In the late 1990s, email viruses became a popular method for hackers to infect computers. These viruses were triggered when a person downloaded an infected document. When the document was opened, the virus would send that document to the first few recipients in the person’s email address book. Some email viruses were so powerful that many companies were forced to shut down their email servers until the virus was removed.
  • Worms – A worm is a computer program that can copy itself from machine to machine, using a machine’s processing time and a network’s bandwidth to completely bog down a system. Worms often exploit a security hole in some software or operating system, spreading very quickly and doing a lot of damage to a business.
  • Trojan horses – Common in email attachments, Trojans hide in otherwise harmless programs on a computer and, much like the Greek story, release themselves when you’re not expecting it. Trojans differ from viruses in that they must be introduced to the system by a user. A user can knowingly or unknowingly run an .exe file that will let a Trojan into the system.
  • Spyware – Spyware can be installed on a computer without the user ever knowing it, usually from downloading a file from an untrusted source. Spyware can be used by hackers to track browsing habits or, more importantly, collect personal information such as credit card numbers.
  • Logic bombs – Logic bombs are pieces of code that are set to trigger when a specific event occurs. For example, a logic bomb could be set to delete all the contents on a computer’s hard drive on a specific date. There are many examples of disgruntled employees creating logic bombs within their employer’s computer system. Needless to say, logic bombs can cause serious damage to a company’s digital assets.
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks – DoS and DDoS attacks are used to send an overwhelming amount of data to a target server, rendering that server useless. A hacker does this by gaining control of several computers and then sending a large amount of data to a target server that can’t possibly handle it. The result could be thousands or millions of dollars in lost sales for an online retailer and a complete loss of productivity for many businesses.

Limiting Intrusions

A computer intrusion could put your valuable digital assets at risk. That’s why your company should have the following measures in place to limit computer intrusions and protect your assets:

  • Firewalls – Firewalls are pieces of software that control the incoming and outgoing network traffic on a computer system and decide whether it should be allowed through or not. Most computer operating systems now come with a preinstalled firewall for security. While they are not the be-all and end-all of preventing intrusions, they are a reliable start.
  • Routers – Routers are pieces of hardware that keep unwanted traffic out of a computer system. They differ from firewalls in that they are standalone devices that must be bought separately; they are not included in an operating system.
  • Antivirus programs – As their name implies, antivirus programs are designed to catch and eliminate or quarantine viruses before they can harm a computer system. Antivirus programs run in the background to ensure your computer is protected at all times. While they are updated frequently, they may not catch the newest viruses that are floating around.
  • Policies – Every company, no matter its size, should have policies in place to educate employees on the dangers of computer intrusions and ways to prevent them. Make sure your employees know not to open, click on or download anything inside emails from untrusted sources. Employees with an intimate knowledge of the company’s computer network should also be alerted to the potential consequences of hacking into the system.
  • Common sense – Everyone claims to have it, but if that were actually the case, many viruses, worms and Trojans would cease to exist. The simple fact is that everyone in the company needs to exhibit some common sense when using a computer. Encourage employees to disregard emails with subject lines and attachments that seem bogus or too good to be true.

Review Your Risks and Coverage Options

A computer intrusion could cripple your company, costing you thousands or millions of dollars in lost sales and/or damages. Contact your broker today to ensure you have the proper coverage to protect your company against losses from computer intrusions.

© Zywave, Inc. All rights reserved

Preventing Laptop Theft

As more and more companies issue laptops to employees, the chances of losing a laptop (and the data stored on it) to theft are much greater. Follow these guidelines to help keep your laptops safe.

Communicate Employee Responsibility

If your company issues laptops to employees, be sure to communicate that your employees have a responsibility to care for them.

Employees’ work laptops may have their personal information on them—stored website sign-in information, name, address, work documents, etc.—and they may not realize it. Making employees aware that the theft of a work laptop could personally affect them can be an incentive for them to protect their computers.

It may be beneficial for you to provide a security cable lock when you issue laptops to employees. A cable lock works similarly to a bike lock—one end of the cable has a lock that goes into the laptop’s security slot and the other end is attached to a heavy stationary object, such as a desk. This type of lock works as a visual deterrent, as well, making the laptop less appealing to a thief.

Give your employees frequent laptop safety reminders and updates on new scams or theft tactics. Laptop safety is not a one-time thing—making security a habit will keep your company’s property and information safe.

Laptops That Don’t Leave the Office Are at Risk, Too

A laptop that never leaves the office should not be considered safe from theft. If the laptop is not locked to a docking station or desk, it is vulnerable.

An employee who is planning to quit or who is feeling disgruntled may see stealing a laptop as an easy score. One way to protect your company laptops is to apply tamperproof metal labels with your company name and contact information to each laptop. There are many types of tamperproof labels available, such as labels that etch a permanent message or break into tiny pieces when removed. The labels can also be used to track inventory and software updates.

Engraving the company name on laptops can also deter theft. This will discourage employees from stealing them, because the permanent engraving decreases the resale value.

Use Encryption Software

The physical loss of a laptop may not be as devastating as the loss of the information and data stored on that laptop.

Encryption software uses mathematical algorithms and an encryption key to encode data so that only someone who has the encryption key can read it. There are three different encryption methods you can use, based on the sensitivity of your data. Make sure you choose the right level of protection for your company.

  • Full disk – Encrypts an entire disk, including all its data. This method is used to encrypt laptops, desktops and mobile devices.
  • Individual file – Encrypts a single file or creates an encrypted repository for file storage.
  • Data transit – Encrypts data during a transfer, but does not guarantee encryption once the data reaches its destination.

To protect the interests of your company and employees, all devices should be encrypted and require passwords for access.

Install Tracking Software

Tracking software is often called “anti-theft” software—it tracks your laptop to its current location using IP address locations, GPS or Wi-Fi positioning. A stolen laptop can be easier to recover if you’ve installed tracking software before the theft.

Some software can take a photo of the thief if the thief turns on the computer, showing his or her identity. If the thief sells the laptop to someone, capturing the new user’s identity is helpful for finding the thief.

Tracking software can also take screenshots of what the thief is doing on your computer, which is helpful if the thief signs in to his or her own personal accounts. Some software can lock the thief out to prevent him or her from logging on to your computer at all, and some software can remotely delete sensitive data from the hard drive if you tell it to.

Keep in mind that tracking software alone does not prevent theft—your employees’ actions and habits play a major role, too. Contact Precept Insurance & Risk Management today to learn more about defending your company’s laptops against theft.


Cyber Crime’s Forgotten Victim—Your Company’s Reputation

Even though companies are finally starting to dedicate resources to prepare for cyber attacks, it’s possible that they may be overlooking a key exposure. While internal audits, hardware and software upgrades, and payouts to impacted customers can be costly, those costs can quickly be dwarfed by the damage a cyber attack can do to a company’s reputation.

The Dark Side of Social Media

Social media poses a huge threat to your company’s reputation. In the event of a data breach, traditional media coverage, blog posts and consumer reaction to the breach will dominate discussion of your company’s brand across social media platforms. Social media newsfeeds offer little to no distinction between legitimate news, biased reports, rumors and outright falsehoods, making the problem worse.

Additionally, social media is the perfect battleground for a competing interest to launch an attack on your brand. In fact, a white paper released by Hays suggests that the deliberate spread of false information about companies could be part of the next wave of cyber attacks launched by foreign governments.

Managing Your Reputation

In the wake of a cyber attack, it’s important to have a social media strategy in place and ready to roll out, as well as a team dedicated to monitoring social media in order to dispel any rumors and clarify any falsehoods. It’s also important to consider all avenues for mitigating your risk.
