Archive for February, 2010
Social Networking: How Secure is Your Business?
Companies of all sizes are increasingly using sites like Twitter, Facebook and LinkedIn to advertise their services and products, to communicate with customers, and even to recruit new employees. Most businesses, however, remain unaware of the dangers that lurk in this rapidly expanding arena. Phishing scams are but one example: devious ploys are used to manipulate employees into clicking on links that immediately download malicious software onto your computer system. Once inside, this malware can run riot, gathering sensitive personal and company data at will, much like a vacuum cleaner, all to be used later to perpetrate fraud or to steal someone’s identity. Pharming is another danger, similar in nature to phishing, whereby an employee is encouraged to click on a link in a bogus email that then directs them to a false website geared to fleece them. Smishing is the mobile phone form of phishing, where a text message contains the menacing link.
These, of course, are incoming threats. On the outgoing side, there are employees who divulge sensitive corporate information while on social networking sites. There, their idle banter can be harvested as public property and used in a way that may damage your company’s reputation, if not demolish public trust in your products and services.
Just how insidious social networking sites can be was brought home to Britons when the UK Justice Minister, Jack Straw, revealed in February that 30 Facebook pages had been taken down because prisoners were using them to taunt their victims. Facebook removed the offending pages within 48 hours. “It’s not that people at Facebook have a different sense of morality from us,” the Minister told the BBC. “They have the same sense of morality but they have to police hundreds of thousands of their sites, so what we have to do is set up a better system with Facebook.” He said he was reassured by the cooperation his department was receiving from Facebook as the government sought a longer-term solution “to this very modern version of the old problem of victim harassment.”
Cyberspace-Junk: Three Top Ways to Avoid a Collision
The start of 2010 brought with it a spate of reporting on the dangers of cyberspace, whether it be cyberattacks on an individual, a corporation, a public utility system like an electricity grid, or nation states playing games with each other. Mid-January saw an unlikely cyberwar breaking out when Iranian hackers attacked China’s largest internet search engine, Baidu, and Chinese counterparts retaliated against Iranian websites. In this rapidly expanding arena of competition, Russia, China and a number of other countries have been accused of mounting massive operations, though in this field there are far more sinners than saints.
A McAfee survey of 600 international technology executives (‘In the Crossfire: Critical Infrastructure in the Age of Cyberwar’, available at www.mcafee.com), released in January, helped wipe away any New Year complacency. It found that recession-driven cuts in spending on online security over the past 12 months had led to an increase in threats. The result was that more than one-third of those interviewed believed their sector was unprepared to deal with a major attack. More than half felt that the laws in their country were inadequate in deterring potential cyber-attacks, and almost half lacked any faith in their government’s capacity to prevent or deter them. One expert believes that consumers will increasingly bear the cost of online crime and security breaches as organisations seek to limit their exposure in an escalating battle against such attacks.
Art Coviello, president of EMC’s data security arm RSA, for example, has little confidence in government, pointing out that data security regulations have fallen way behind the internet age. He believes that government regulation on security should focus on outcomes and not on prescriptive measures. Data breach regulation is a great regulatory initiative because it does just that. It says, if you are negligent in protecting information, you need to publicly confess. He says it’s amazing what California has done to ensure that people do the right thing because they don’t want to be embarrassed. “Compare that,” says Coviello, “with prescriptive regulation like the obligation to encrypt this or provide that. That relies on the government having the kind of technological sophistication to keep up with the threats. What do you suppose are the odds that governments are going to move quickly enough? They can’t even update the laws for the internet age, let alone data protection. It’s much easier for government to say don’t let something happen and put the onus back on the organisation to protect its infrastructure however it sees fit.”
Britain’s FSA Targets Cross-Border Fraud
Following the global financial crisis, the spotlight on banks is intense, especially on Wall Street and in the City of London. Now Britain’s Financial Services Authority (FSA) has radically stepped up its investigation of overseas banks and companies. With the crisis bringing to light potentially improper or fraudulent behaviour that crosses international borders, the Authority’s enforcement division investigated 30 overseas businesses in 2009, a six-fold increase over the five it looked into in 2008.
As the Financial Times highlighted on February 2, this information was obtained from Freshfields, a London legal firm, by means of a freedom of information request. Of the 30 businesses involved, overseas companies accounted for 15 per cent, up from 2.4 per cent last year. The increase comes at a time when the FSA has also significantly expanded the assistance it renders to foreign regulators. The Authority received 830 new requests for help in the 2008-09 fiscal year, up 27 per cent from 2007-08. While the FSA has not particularly targeted overseas companies, the increase is a natural outgrowth of the financial crisis, which exposed a number of cross-border frauds and failures and prompted regulators to start working more cooperatively, Freshfields said. “London is a financial centre and governments are under pressure to respond to the crisis. If they are all talking to each other, someone is going to do something,” Raj Parker, one of the law firm’s partners, pointed out.
Britain’s rising international focus is being replicated around the world. The US Securities and Exchange Commission (SEC) asked for overseas assistance 774 times during the 2009 fiscal year, an increase of 30 per cent. In London, the FSA went to the Court of Appeal on February 2 to challenge a lower court ruling that limited its ability to gather documents for the SEC after senior officials from both regulators met the previous day to hammer out new areas of cooperation. “The global banking crisis will only have reinforced the resolve of the SEC and [Department of Justice] to hunt down those responsible for such activity. Regardless of the outcome of this hearing, this trend of close cooperation is here to stay and means that both businesses and individuals are at risk of lengthy investigations in both the US and UK,” said Neill Blundell, head of the fraud group at Eversheds, another legal firm.