Cyber- crime and preventive measure for corporate business
There exist a number of cybercrimes in today’s technology-savvy environment.
The following range from a wide variety of scams operating in the online environment. They range from fraudulent lottery, schemes, travel and credit related ploys, modem and wed page hijacking and identity theft to name a few. Scams as pyramid selling wherein fraudsters masquerade as legitimate traders behind professional looking websites or virtual sites to advertise- free or bargain price, miracle and exciting products.
Sale of illegal articles
Intellectual Property crimes
Unauthorized access to computer systems or networks
Theft of information contained in electronic form
Denial of Service attack
Virus / worm attacks
Internet time theft
Theft of computer system and Physically damaging a computer system
Preventive measures to be taken by corporates to protect their businesses
Setup an e-security program for your business. Ensure your security program facilitates confidentiality, integrity and availability. Identify the sources of threats to your data from both internal and external sources.
Examples: disgruntled employees – leaving bugs behind in your system, hackers looking to steal confidential information. The security program that you create for your business must have provisions to maintenance and upgrades of your systems. Administrators have access to all files and data. Therefore, one must be mindful of who is guarding the guards. Roles for security should be defined, documented, and implemented for both your company and external contractors.
Establish a security awareness program for all users. Content should be communicated in non-technical terms. This could include briefings, posters, clauses in employee contracts, security awareness days etc. Implement security training for technical staff that is focused on the security controls for their particular technical areas. Maintain logs of all possible activities that may occur on your system. System records must note who was using the system, when, for how long, deletions etc. User accounts should not be shared. User authorization should be mandatory. Employees should only be able to see information that they are authorized to see. Employee user accounts must be disabled or removed when no longer needed. Example: in case an employee leaves the company. Ensure network security from external sources by installing firewalls and intrusion detection systems.
Allow remote access to employees only through secure communication channels like SSL or VPN. Install antivirus software on all desktops and servers. Buy Anti-Virus software solutions that allow real time upgrading of systems with anti-virus patches. Create a data backup and disaster recovery plan in case of unforeseen natural calamities. Ensure back-up procedures are in place and tested. Ensure back-up procedures include all the critical as well as back office data such as finance, payroll etc. Incident response is the ability to identify, evaluate, raise and address negative computer related security events. In case of an incident, do not panic, and continue to save logs. Incident response – Take a backup of the affected system and notify the authorities.