“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.” — Gene Spafford

AS long as you are connected to the internet you are not safe! Even if you have virus protection, intruder alert systems, firewalls and other bells-and- whistle computer protection — if someone is motivated enough then time is the only issue. Enough of it and they can breach your system!

To be honest, despite the concerns about malware (these are the bad programs which include viruses and others), I personally believe that the developers of these evil programs are much more altruistic than we give them credit for — given the ease to destroy your computer system if you know how — and given the low occurrences of total computer annihilation incidents. Most malware merely causes annoyance — but it could be much, much worse!

I read an allegedly true story that one intelligence agency wanted to steal a particular program from another agency. The only problem was that the server computer that had the program was stored in an inaccessible, remote location and they only logged on to the internet for only 15 minutes once per week for backup, and the time was randomly chosen during the week. To make matters worse — the computer had all the latest protective devices.

The agency who wanted the software sent their operatives to camp out at a hotel (in a different country from where the computer was), and they polled the internet for the entire week — using teams working 24/7. When the computer was connected to the internet for the 15-minute duration, they were able to locate it, break through all the defences, hack into the computer, and steal the software. Mission impossible — accomplished!

Why should you as a business manager care about computer security? Let me not answer — but consider this: In 2013 Target was hacked and the credit and debit card information for some 40 million customers was stolen. This cost the company its reputation, affected its profits and the Chief Executive Officer had to resign. I think by now you have the answer to my previous question! Information security is your business!

In their 2014 Harvard Business Review article, “The Danger from Within,” Upton and Creese indicated that a large percentage of the risks to information systems security are internal. However, they also declared that in a recent survey of senior business managers, most of them believed that IT security is only the remit of the IT professionals. Similarly they are also largely ignorant of insider threats.

The insider threats may be malicious in intent — but they may also stem from ignorance. Think of this. If a smart programmer placed malware on a few thumb drives and left them on the ground beside vehicles in the company parking lot, or placed a few on the steps going into your organisation, it is very likely one of the employees would pick it up and try it on their work computer, and initiate a virus attack!

Let’s get a little technical, but not too deep. First of all the term malware is used to encompass several different types of malevolent software that can wreak varying degrees of havoc on your information system — both hardware and software. Some malware consists of viruses, worms, Trojan horses, spyware, adware and others (the list keeps growing). Please bear in mind that these are programs, which are written by people –smart people!

Virus

So, in a nutshell, the virus works by being activated by the computer user. For example, you introduce a virus to your computer by placing an already infected file onto your computer. When this program is loaded into your computer’s memory, the virus can be copied to other programs, thereby infecting them. Based on some trigger, such as a certain time or particular action, the virus performs its malicious deed.

Worm

The worm is more or less the same as the virus, except that it is more sinister because once it is on a computer network, it can copy itself from one computer to other computers on the network without human intervention! So you can get a worm on your computer by just connecting to the network!

Trojan horse

The Trojan horse got its name from the story about the Trojan war — historians, please help — was it a real war or was it just Greek mythology? Anyway, the saying is that the Greeks created this wooden horse and hid some soldiers in it. The Trojans took it as a gift or a prize and pulled it into their city. (Remember in those days the cities had these huge walls that protected them during their frequent wars.)

Anyway – when the Trojans slept during the night the Greek soldiers came out of the horse, opened the gates to let in their colleagues – and … well… you know the rest, they won the war!

So you may see this fantastic free (typically free) game or other really good software online and you download it to your computer — not realising that inside (or attached to) that sweet program is a nasty program that could cause you some serious nightmares!

Spyware

Spyware can extract information (like credit card numbers and your personal demographic information) from your computer and send it to other persons over the internet. By the way, did you know that there is a spyware called a keystroke logger that can store the information from every key that you press on the keyboard?

The issue of information security is now such a big one that big organisations are now appointing C-level executives called Chief Information Security Officers (CISO) to focus on the security challenges.

Viveros’ 2013 Harvard Business Review article ‘Cyber Security Depends on Education’ indicates one big area to focus on: “There have been technological advancements within the last few years to help Chief Information Security Officers (CISOs) secure corporate networks against unintentional, or intentional, risky behavior by employees. But while such technical controls, and the establishment of sound policies, are essential components of effective security, educating employees in IT and cyber security is one of the best investments a company can make — and a rational recognition that it will take all of us to create a more secure future.”

Dr Kenroy Wedderburn is an MBA part-time lecturer. Send your e-mails to drkwedderburn@gmail.com.