Hacking is one of those terms dropped in conversations to prove management is on top of the issues related to computer security. Computer security breaches are reported everyday and occur in even the most tightly controlled environments simply because people are not thoroughly trained in how to identify them or mission critical systems have points where security is missing. Operations where you would think all precautions have been taken find themselves embarrassed when someone steals important information for the purpose of committing a crime.

As recently as November 2008, it was reported a prison inmate gained access to employee online files containing personal information using a computer that was not intended to have access to the internet. The programmers thought access to the internet had been prevented. But “not intended to” doesn’t mean much when using integrated computer systems, because hackers can find ways to get around portals that are guarded. It’s like securing the front and back doors of a building while leaving the side windows unlocked.

Understanding the Problem

In the case of the prison inmate, he accessed employee files using a thin client on the prison server. Though the server was not programmed to allow internet access, the inmate cleverly entered the internet using stolen username and password information from employee files and uncovering a portal in the software used by inmates for legal research.

If an inmate can hack into a prison system with sophisticated security systems meant to guard the public, it is clear there must be multi-levels of security which notify those monitoring the system that an attempt to break-in is happening. The goal is to catch and stop the breach before any information is accessed. In other words, a well designed security system will have two features:

* Security systems preventing penetration

* Trained employees with the knowledge to recognise the signs of a hacking attempt and possible entry points for hacking

You can hire an internet security service to assess your security and design a penetration preventing application, but the employees using the system day-in and day-out need to be knowledgeable in the ways system attackers operate and how they locate and abuse vulnerable systems.

It Takes One to Know One

Basically, you teach your employees how to be hackers so they can prevent hacking. Courses which are intended to teach employees about internet security systems focus on how hackers exploit systems and how to recognise attempts. They also learn how countermeasures work and return to the workplace ready to implement organisational-specific measures to protect computer systems.

If the prison had established security levels which provided notification someone was trying to access employee files through a software program and then prevented that access, there would have been no breach. It is important to make sure your employees are knowledgeable so they can identify possible vulnerability, recognise hacking attempts, know how to use exploit tools, and can develop countermeasures.

Many times hackers make it all the way to sensitive information because employees don’t recognise hacking activity. There is an old expression that says, “It takes one to know one.” In the world of hacking, it takes an employee highly trained in hacking to know a hacker. But the payoff for this kind of training is immeasurable as company assets are protected.



By: Rob McAdam

About the Author:

What is your definition of hacking? Most people think of the news stories that relate to big companies having embarrassing problems as their data is compromised. But in truth, hacking goes a lot further than this.

It doesn’t always have to be someone you don’t know who hacks into your systems and causes problems for your business. It could equally be someone who works for you that doesn’t have your best interests at heart. This is because the basic meaning of hacking is when someone accesses some or all of your computer systems without permission. And it doesn’t just happen over the internet.

Quite often, many people don’t see how widespread computer hacking can be. Assuming that they are only in danger from internet based attacks means they may not be covered for all risks. Even those companies that do all they can to prevent hacking which occurs online may have unwittingly turned a blind eye to other dangers.

This is why an understanding of what hacking is and what it involves can help you to protect your own business more fully. But what do you do if you don’t know all the ins and outs of the threats posed?

The easiest solution is to rely on an expert to make sure every potential hole is plugged, and no one can break into your systems. Network penetration testing is one of the best ways to see how good your computer network really is. If you do have vulnerabilities it’s best to find out via someone who is honest and is looking for them to benefit you. If you assume everything is okay and it isn’t, you could be in for a nasty shock at some point in the future.

It is probably because people limit their definition of hacking that some businesses are more in danger than they realise. Everyone likes to think that all their employees are working honestly and for the company’s good, but it doesn’t always pan out that way.

Supposing an employee was given notice to leave but they had until the end of the day to clear their desk. They could potentially do a lot of damage to your computer system before they left, if the mood took them that way. Even though you could have them arrested for their actions, the damage would still be done and it would take time to rectify.

An expert in the field of ethical hacking would be able to highlight any potential problems and solve them before anyone else had a chance to exploit them. And that is certainly a service that is worth paying for.

Don’t make the mistake of thinking this should only be done once though. Hackers are constantly finding new ways into previously secure systems. If you employ a company to see how up to date your security measures really are, make sure you do it on a regular basis. If you don’t, you still run the risk of being caught out.



By: Rob McAdam

About the Author: