Corrections or additions?
This article by Bart Jackson was prepared for the November 20, 2002 edition of U.S. 1 Newspaper. All rights reserved.
Defying the Data Invaders
Send a certified letter to your lover and you may safely
assume it will arrive, untampered, to only those eyes intended. Post
that note on the back porch door and you can scarcely be surprised
when her husband comes by to crush your bones. Question is, can cyberspace
achieve the high privacy expectations of the U.S. mails, or must it
ever be relegated to the back porch of communication security? How
— and how much — of our data and missives can we guard? And
at what price?
Answers to these costly computer issues will be discussed in the seminar
“How Safe is Your Data?” sponsored by the New Jersey Bankers
Association (NJBA) to be held Monday, November 25, at 9 a.m. Cost:
$125; walk-ins are accepted, but pre-registration is preferred. Call
609-520-1221 or e-mail RDesch@NJBankers.com
The panel includes Tim Nestor from the FBI; Don Burt,
director of sales and marketing for Entium Technology Partners; James
Read, senior vice president of Pifer Financial Systems in Barrnington;
Scott Christie, special prosecutor for the U.S. Attorney’s Office;
and Gideon Lenkey, founder of Eye of Ra Security Systems. Discussions
compare practical security methods, both in-house and outsourced,
as well as the FBI’s Infraguard system.
The New Jersey Bankers Association (NJBA) is comprised of the state’s
80 commercial banks, plus a host of affiliate members and endorsed
vendors. Affiliates, typically insurance and high tech firms, join
to place themselves in the state’s financial loop via meetings, seminars,
and continual updates. Endorsed vendors receive the business-enhancing
approval of the association.
“Computer data, at this point, can not only be put in a sealed
envelope,” says seminar speaker Read, ” but via encryption
it can be placed in a fairly secure safe.” His confidence is qualified
and comes from decades of experience. Growing up in Woodbury, New
Jersey, with a dad who labored over computers for Xerox, Read swore
he would never touch the silly machines. Yet right after graduating
from Camden County College, he joined Elwood Pifer’s new computer
security firm and for the past 26 years has helped financial businesses
keep one step ahead of the hackers. While actually a partner in Pifer
Financial Systems, Read prefers the title of Head Geek. “I have
four computers in this mess of an office, play all day — and love
it,” he says.
Rooted staunchly in practicality, Read feels that any business should
focus on what he calls the 80/20 rule. Eighty percent of data invasions
can be thoroughly thwarted by a basic security-awareness program established
in-house. This much is a necessity. More elaborate solutions for the
20 percent more rare and exotic schemes are elective. Such a basic
data security program, Read insists, depends primarily on the employees,
particularly the accounting staff. No software or hardware, however
expensive and splendidly advertised, beats an informed and watchful
workforce.
Password common sense. “Time and again, I walk intoa bank and see passwords sticky taped to the side of computers,”says Read, shaking his head. “It’s like leaving a note on thedoor that the house key is under the mat.” Then of course thereis the famous line heard frequently around the office: “Oh, here’smy password, just borrow it, it’ll get you in.” The hasty paceof business demands shortcuts. But passwords are simply keys to veryexpensive treasure chests and should be treated as such. The bestprocedure is to set up a screensaver requiring a password, thus preventingothers from casually browsing though your files or downloading trouble.Guarding the front door. Joe from the help desk will nevercall up any employee and ask for her password so he can fix a littleproblem. Be suspicious. If it truly is your firm’s technical helpdesk, they already know how to enter your system and in fact shouldbe changing passwords company-wide at frequent, random intervals.Other invaders can Trojan Horse their way in on floppy disks or evenborrowed zip drives. Like chewing gum, if used, you don’t know wherethe discs have been and what viruses they may carry.Firming up firewalls. “Eighty percent of all firewallscurrently in use are misconfigured,” claims Read. “Peopleinstall them right out of the box, which is about like locking a heftydeadbolt into dry wall.” Installers need to customize them totheir current and future systems. In addition, firewalls and all securitysystems require constant updating. Microsoft, for example, sends outapproximately two security patches on its systems each week. Thesecover up various coding errors or breachable holes in your data’sprotection. Yet most companies and their employees regularly dumpthese upgraded patches into the trash with the daily doses of spam.Gifts from home. Today more than 54 million computersfill 51 percent of America’s households. Forty-one percent have Internetcapability. With an increasing number of workers telecommuting fromthe family den, network vulnerability broadens exponentially. Toooften employees not only phone in their labors, but their data invadersas well. Dial-up Internet systems, while slower, Read explains, aremore secure than cable providers, such as Comcast, which operate continuously.Recently, one of his cohorts complained that his computer was suddenlysluggish and his hard drive icon was frequently flashing. “Elementary,my dear friend,” replied Read. “Your computer has been egregiouslyhacked, loaded with mega-chunks of furtive data, and the flashingindicates you are being pinged.” His solution — and warningfor most PC owners — is to install a good firewall. The more rare,but more unfriendly act, of “getting gatored” by silentlybrowsing spyware can be countered by installation of a basic, easilyavailable code changer, such as AdAware.Bolting back doors. Most administrators overseeing systemswith numerous computers use some form of very handy micro-resourcekit. It is obviously necessary for at least one executive to be ableto swiftly open and access the entire network through several ports.Yet hackers are expert at wriggling into such ports right behind thelegitimate user.Interestingly, the cyber seas are not only infested with treacherouspirates. Sailing the same waters are a consortium of good hackerswho try to stay one step ahead of the malicious invaders. “Mostof these guardian angels are linked into the major hacker sites andchat rooms,” says Read. They learn the latest illegal boardingprocedures and forewarn various firms. If the attack involves “criticaltargets” such as utilities, transportation centers, and banks,the angels may even alert the FBI’s National Infra Protection Center(NIPC), which boasts a frighteningly thorough enforcement arm.Yet all these in-house and good-hacker safeguards will probably presentvery few obstacles to the other 20 percent of data thieves. “Forexample,” says Lenkey, the founder of Eye of Ra Security, “mostbreak-ins to agencies such as banks or mid-size firms take place afterhours.”Lenkey says he left college because his instructors told him theyhad nothing more to teach him. After wandering the country for anextended time, he fell into computer consulting and ended up assistingthe FBI in establishing its Infraguard program, which hunts down thewhole range of computer criminals. In 1994 he incorporated his company,which is located in Whitehouse.”The problem,” Lenkey notes, “is that computer break-insare subtle. It is not like a suspicious character who can be easilyspotted by a well trained teller.” To extend protection beyondthe basic in-house staff awareness that Read preaches, small to mid-sizefirms might need the help of an outsourced data security service.Such an outside service provides various price levels for continuousprotection depending on business size and personal paranoia.Typically, their technical representatives analyze the normal flowof transactions and protocol levels and thereafter monitor for suspiciousirregularities. They check for appropriate changes during employeevacation times. (A good reason to have each employee take his fullvacation.) If hackers should penetrate the first level of defense,succeeding layers will immediately be beefed up and the hacker willbe traced.Eye of Ra will corral and safeguard your entire herd of data for anywherefrom $25,000 to $125,000 annually, a price that Lenkey claims replacesup to five security agents. Pifer Financial Security charges an $800to $4,000 monthly fee. Read warns against overkill. “You don’tarm your small branch bank to resist a Panzer tank assault,” hesays. “By the same token, hiring a full-time data security professionalis unnecessary for all but the largest of companies.”On the other hand, the cost of security neglect can be devastating.Three months ago, Ford Motors was invaded and more than 20,000 peoplesuffered identity theft: bank statement information, credit card numbers,and credit histories, all were stolen for resale. This is the kindof hit from which a firm may never recover. Computers and E-commerceare definite godsends. But they force us to face an old financialmaxim that we must obey: With every new business-expanding tool comesan increased cost of doing business.— Bart JacksonTop Of PageCorporate Angelsd>Weidel Lambertville was a Gold level sponsor inthe third annual F.A.C.T. (Fighting AIDS Continuously Together) NewHope/Lambertville AIDS Walk. F.A.C.T. Bucks County is an all-volunteer,non-profit organization with two missions — to maintain the qualityof life for those infected by HIV/AIDS, and to educate and promoteawareness of this disease. The organization provides essential fundingto needy individuals living in Bucks and Hunterdon counties, and theirfamilies, for medication, utility bills, rent, mortgage payments,transportation, and other personal needs.The Trenton Thunder has received the inaugural Signs ofSobriety Community Service Award for its contributions to the community,including raising more than $2 million in nine seasons for area organizationsand foundations.Through its “Grand Slam/We Care” community programs and fundraisingefforts, the Trenton Thunder partners with other local and nationalorganizations, including First Union National Bank, Johnson & Johnson,Major League Baseball, New Jersey Education Association, PrincetonUniversity, PSE&G, Merlino’s Waterfront Restaurant, and WaWa.Through Boomer’s Book Buddies, in partnership with the NJEA, the teamsends its mascot, Boomer, to schools to enact the poem “Caseyat Bat” and to give youngsters a bookmark asking that they read10 books outside of their required reading. Children who completethe task are given two free tickets to a Thunder home game.Also in conjunction with the NJEA, the Thunder hosts a Holiday Foodand Clothing Drive to benefit the Trenton Area Soup Kitchen and theTrenton Salvation Army. The school raising the highest amount forthe charities receives 100 tickets to a Thunder game.Other Thunder community and charitable programs include a Super 50/50raffle at home games, through which a charity receives half the proceedsof the raffle tickets and the fan holding the ticket receives theother half; and the Educational Winners Circle, through which theThunder and First Union Bank each give five cents for every ticketsold to a pool that is donated to a number of area charities, includingProject Learn and the Educational Talent Search.Sun National Bank and the Mercer County Bar Associationcollected new or used hats, gloves, and coats in good condition, andare distributing them to individuals in need.The Starbucks Foundation , the charitable arm of the StarbucksCoffee Company, has given the YWCA of Princeton’s Family LiteracyProgram a grant of $10,000.On Wednesday, October 23, Merrill Lynch, Private Wealth Managementhosted the first annual Corporate Bowl to benefit Big Brothers andBig Sisters of Mercer County. The event was held at Colonial Lanes.Each person bowling collected or donated a minimum of $50.A-1 Limousine participated in the American Diabetes Association’sAmerica’s Walk for Diabetes. Six walkers took part and raised a totalof $1,700. Led by Alfred Santaniello, the company’s hiring/trainingsupervisor, A-1 has been involved in the annual event since 1997.The Verizon Foundation has given a $2,000 contributionto the annual CONTACT of Mercer County gala, which was held on Saturday,November 16, at the Chauncey Conference Center on the ETS campus.CONTACT is a 24-hour crisis and suicide hotline. Its mission is toprovide compassionate and confidential telephone support and referralservices to people in need. CONTACT volunteers receive extensive trainingthat enables them to handle a myriad of caller crises, from childor spousal abuse and drug addiction to loneliness, depression, andsuicide. It serves all members of the community, from children tosenior citizens.The Robert Wood Johnson Foundation has awarded a grantof $300,000 to Crawford House. Located in Skillman, Crawford Houseprovides transitional housing to women in early recovery from alcoholor drugs. In addition, Crawford House, using the Twelve Step recoverymodel, provides residents with the tools necessary to continue theirrecovery and to continue on to independent living.The funds committed from the Robert Wood Johnson Foundation will beused to construct a new transitional housing facility on the agency’scurrent site. The new structure will replace the current residenceand will allow Crawford House to expand its capacity to serve womenin need from 14 to 22.PNC Advisors , the wealth management division of PNC FinancialServices Group, was a major corporate sponsor of the Historical Societyof Princeton’s annual dinner dance fundraiser held at Princeton DaySchool on Saturday, November 16.Previous StoryCorrections or additions?This page is published by PrincetonInfo.com— the web site for U.S. 1 Newspaper in Princeton, New Jersey.
