BOSTON — Bob Stratton has an interesting job. As vice president and chief technologist at Security Design International in Annandale, Va., he often gets to pretend to be a cyber-criminal in order to find weaknesses in a client's computer network. What Mr. Stratton has seen has led him to develop some straightforward rules to protect computer networks from cyber-criminals.
(1) "Look at every electronic connection into your business - anything that gets a dial-up or gets into your business from outside - and do a vulnerability assessment," Stratton says. "That includes the top executives who want access to their work machines from home. Banks of modems are just waiting for someone to dial in without security clearance."
(2) "Check the content on your Web site. Often it can expose the organization to intruders."
(3) "Check what's happening inside your business, where an authorized user might be exceeding authorized use. Many cyber-crimes are committed with the help of people inside an organization."
(4) Consumers can help businesses achieve greater security, Stratton says. "We as consumers have power. If you're doing electronic commerce with a company, ask hard questions about how they protect themselves against cyber-crimes. Ask them if they've had a vulnerability study. If they haven't, don't do business with them until they have."
(5) And finally, if you're attacked, use it as a learning experience. "When someone breaks into your computers, you can learn a lot," Stratton says. "Learn enough to not let it happen a second time."
*For other suggestions on Internet security, including security for children online, visit www. cyberangels.org/ and Shimon's Top 10 Security Tips at www.esafe.com/shimonsays/index.html#top10