Complacency is a luxury no company can afford when it comes to computer security. The commitment a company makes to thwart cybercrime can be high- or low-tech.
It's a matter of staying ahead of the criminals.
Safeguards to consider:
Know thy enemy. Grasp specific threats, says Tom Patterson, chief security officer of MagTek, which provides technology for secure credit card transactions.
He recommends companies join their local InfraGard chapter to learn about threats.
The firm, whose site is InfraGard.net, shares information between the FBI and the private sector.
Patterson also receives and shares network security information via the Web site Security.MagTek.com.
Patterson told IBD that once companies "see the level of determined attacks that exist, and understand the common attack vectors, it's then very possible to make your company a significantly harder target. After that, the key is constant vigilance."
Invest in technology. Buy a data loss prevention program. Most top security vendors sell comprehensive ones.
"This allows the company to limit the types of information that can leave their network, either through the Internet, e-mail or even thumb drives (portable data storage devices)," Patterson said.
Lock it down. Limit physical access to the systems that store data, says Mike Paquette, vice president and chief strategy officer of Top Layer Security.
Minimize exposure to risk. It's one common-sense way to avoid becoming a victim.
Paquette suggests storing only the data that is absolutely necessary to complete business transactions. Also: Outsource the processing of electronic transactions, such as credit card payments, to a reputable payment firm.
Strengthen your defense. "Use encryption to protect the stored data," Paquette said.
He added: "Review and tighten electronic user access to the data. Educate users on proper treatment of data, and deploy technologies, such as intrusion prevention systems, that reduce the risk that the computer systems could become compromised with malware."
Conduct background checks. Perform routine ones with new hires and random ones throughout the company, Patterson advises, to look for red flags.
Be thorough. While staying on top of your company's personnel, watch out for any data that can be sold for a profit.
"Organizations should keep this in mind as they adjust their IT security strategy," Paquette said.
Educate employees. They should know how to spot danger, such as a phishing e-mail, and what to do when they suspect one.
Teach the staff how to choose a password that will resist automated attacks.
Explain the damage that could be caused when an employee clicks on the wrong Web site.
"Employees," Paquette said, "must understand the link between their action or inaction and the consequences that could arise."
Said Patterson: "I've found as CSO of MagTek, and in my 30 years in the security space, that the best way to repel corporate attacks is to get your employees educated and involved in the defense. After all, it's their job too."
© Investor's Business Daily, Inc. 2009. All Rights Reserved.