Security on the Internet

Computer security can be thought of as "the protection of a computer and its resources against accidental or intentional disclosure of confidential data, unlawful modification of data or programs, the destruction of data or hardware."

All types of crimes involving computers are creating challenges in all areas of the world. The challenges that law enforcement agencies face in the battle against cybercrime are technical challenges which hinder law enforcement's ability to find and prosecute criminals online, operational challenges which require well-trained, well-equipped investigators and prosecutors who can work together at unprecedented speeds across all national boundaries and legal challenges which result from laws and legal tools that are necessary to investigate cybercrime which are lagging behind today's technological and societal changes.

The government cannot meet these challenges alone. Therefore, the private sector must take the lead in protecting private networks. The private sector has the resources, technical ability and the trained personnel to ensure that the Internet is a safer place as technology continues to progress. However, even if companies and consumers to everything possible to protect themselves from cybercrime, there will be instances where safeguards fail. When this happens, companies and consumers must be ready to investigate and prosecute cybercriminals.

Security Measures to Deter Computer Crime

A variety of security measures can be put into practice. The following are important solutions (computer security methods) to be remembered for implementing proper computer security:

Use Authentication - this determines and proves the identity of a user or group of users attempting to gain access to your system.
Use Authorization - this determines what resources an authenticated user or groups of users can access.
Use Encryption - this is the alteration of data such that unauthorized use is difficult or impossible.
Use Firewalls - these are devices or software that selectively permit inbound and outbound network traffic between the Internet and a private network.
Use Node Authentication - this determines and proves the identify of a computer trying to connect to another computer.
Use Automatic Call Back - used when a network access seeking user initiated process by which a host system verifies user identity by "calling them back" or contacting them back through the use of a predefined call back address.
Use Access Controls - these controls determine what users or groups of users have authorization to access certain resources.
Use Different Access Rights - these determine the degree to which an authorized user or groups of users can access resources (i.e. read-only access).
Passwords and Pass phrases - these controls require users to change/alter passwords or pass phrases that are used for system access periodically (i.e. once a month).

The following are some basic guidelines that companies should use in the fight against computer crime:

Establish written policies and guidelines for revealing any type of organizational information within and outside of the company.
Organize an emergency response team of technical, legal and publicity specialists.
Always monitor computer usage, have timely detection and encourage confidential reporting of unusual activities.
Stay up-to-date on technical information. Look for articles and news stories to find items of value for security purposes.
Cooperate with national and international organizations and government agencies to create trusted communication and cyberspace environments for business.

To fend off the threat of viruses, anti-virus software is the most prevalent security measure, which should be loaded on company computers as well as personal computers. Given that this software is easy to use and relatively inexpensive in comparison with the damage a virus could cause, it is surprising that all companies do not use virus protection. If this type of software were installed, many computer crimes would be easier to detect and prosecute, thus reducing the apparent lack of risk for being caught for computer crime.

Analysis has also shown that file or data encryption has resulted in reduced theft of intellectual property. However, encryption tools, like passwords, should also be reviewed and changed periodically since breaking these codes have also become a game to hackers in cyberspace.

It is almost impossible to tell just how much computer fraud is costing companies and public agencies. A recent survey by the Computer Security Institute showed that 90 percent of large corporations and government agencies detected computer security breaches involving theft proprietary information, financial fraud, system penetration by outsiders and sabotage of data or networks. However, despite the high fear of computer crime, surveys have shown that very few companies are actively seeking to improve their online security. The Association of Certified Fraud Examiners estimates that total fraud and abuse losses to U.S. companies alone are over $400 billion dollars, however, there is no way to empirically measure the real amount of fraud that takes place because so much is not reported and much is not recovered.

The Better Business Bureau gratefully acknowledges the work of the faculty and students at St. John Fisher College who developed this information for use by the BBB.

This information is general in nature and is not intended as a reliability report on any company, product, or service.