Technology has brought us such wonders as electronic mail, the fastest, easiest and most economical way to exchange information between branches, correspond with your customers and provide them with such conveniences as loan applications and electronic statements.
Technology is the force behind local and wide area networks: information highways that allow officers, directors and other key personnel in your bank to share payroll data, personnel files, board minutes and other confidential information.
Technology also drives your Web site, allowing you to "reach out and touch" customers, providing them with up-to-the-minute information on your rates, locations, hours of business, products and services and more.
Yet technology has a flip side: a risk that must be managed.
E-mails containing information on your customers and their finances can be "sniffed out" and the information changed or stolen by individuals using free software they have downloaded from the Internet.
Your local and wide area networks can be accessed without your knowledge and your bank's confidential information destroyed or distributed to the world.
Your Web site can be breached and information changed or - the final insult - inappropriate or pornographic material uploaded to your site.
Even as you read this article, unscrupulous individuals are devising new ways to make your life absolutely miserable. Unless you have safeguards in place, you won't know they're attempting to read your e-mail, prowl your network or sabotage your Web site until they've done their damage and disappeared.
Yet just as technology has made our lives immeasurably better, technology provides the tools to turn back these cyber criminals. Here's an overview of the threats you face and tools available to combat them.
Viruses are man-made electronic plagues that can strike at any time. A good example is the "I love you" e-mail virus that leapfrogged through cyberspace in May, infecting the world's computers in a matter of hours. It slipped through virus-detection software, then e-mailed everyone in the victim's address book, spreading as users opened the attachment. The virus was contained only after e-mail servers around the world shut down while the virus software companies developed an electronic antibody to "clean" the infection.
Virus fighting requires old-fashioned vigilance and good anti-virus software. If you are using a secure e-mail service such as is provided with CSI's CSINet, your risk of virus attacks is greatly reduced. CSI has installed software on our servers designed to filter out virus programs. If you are not sure of the security of your Internet Service Provider (ISP), then you need to be aware of the following.
You should purchase and install a reputable anti-virus product on every computer and network server within your organization. The best products remain resident in your computer's memory and perform scanning during the download and execution process. You should receive and install frequent updates to the pattern files your software uses to recognize viruses. Above all, educate your employees about the dangers of computer viruses and instruct them to avoid opening e-mail attachments from unknown sources or those that are part of messages that seem suspicious.
Viruses aren't the only threat. An important fact to remember: the Internet is basically an open system of networks that transmits information between computers and information may be routed through any number of network servers before finding one that recognizes the desired address. Each pass through these servers provides hackers with the opportunity to intercept, read and alter the data before forwarding it to the intended recipient.
Encryption
Encryption prevents this attack on your privacy by transforming data into an unintelligible format. There are two levels of encryption: single key encryption like that used in SSL (Secure Sockets Layer) at the browser level, and dual key - the most secure - which adds authentication so that information can only be shared between desired individuals. Dual key encryption requires certificates from Verisign, Thawte or another certificate authority, or an implementation of PGP (Pretty Good Privacy). Current methods of certification are cumbersome to set up, and there is a movement in the industry to streamline this process.
Firewalls
The best way to understand why you need a firewall is to visualize an individual computer as a "house." If it is unlocked, unsavory individuals can travel the Internet's electronic path, go inside, take what they want and even vandalize the dwelling before they leave. Once again, if you are using CSINet and your ISP, you are protected by an industrial-strength firewall at the CSI server. If you are not sure of the security of your ISP, then you need to be aware of the following.
If your organization has a local or wide area network, a network firewall - a round-the-clock electronic guard that stands watch at the gate of your computer neighborhood - is a must. A good firewall not only protects your network behind an electronic barrier, it contains comprehensive rules to determine what services are offered and how access is controlled. It should also have the ability to highlight critical events, track usage and report information to your network administrator.
If any individual within your organization is accessing the Internet via a dial-up connection, a personal firewall - which erects an electronic barrier around the PC - should be considered a minimum requirement. Network Associates and Symantec have recently released some very affordable personal firewalls.
If a firewall is your guard at the gate, then Intrusion Detection Software is your network's alarm system. The software recognizes all known attempts to infiltrate your network and warns your network administrator so that loss of information can be prevented.
Another tool - Network Monitoring Software - allows administrators to observe employee usage of both the Internet and internal systems. In some cases these products can be configured to restrict activity to certain inappropriate Internet sites and compile usage reports on individuals to assist in access management.
Internet connections are not your only risk. You may believe - mistakenly - that because you do not have Internet access, your PCs and networks are safe from electronic invasion. In fact, dial-up modems pose one of the greatest threats to your organization. Hackers use software programs known as "war dialers" to scan a designated range of telephone numbers looking for modems they can use to invade your computer. It is imperative that you block all inbound calls to the phone lines attached to modems and - this is especially critical - power off the modem when not in use. Another technique is to use "dial-back" modems. These will receive inbound calls, identify the caller, disconnect and then call the caller back if they are certified to use the system.
Believe it or not, your hardworking staff can let you down. In an effort to provide the highest level of service to customers and other employees, they may succumb to the "social engineering" skills of corrupt individuals and unintentionally provide information that is later used in attacking your system. To safeguard against this type of information espionage, you should instruct them not to divulge any confidential information, such as passwords or phone numbers for remote access, without first seeking the approval of a supervisor or other member of management.
The use of firewalls, data encryption, anti-virus software and other security tools and approaches is not enough to prevent unauthorized and potentially damaging access to your computer systems. Real prevention begins by developing policies that state the value of your systems and the information they contain, describe management's approach to dealing with information security and identify the rules that govern employee usage (see below).
After developing your policies, provide copies to all employees for their review and require that this review be documented by having the policy signed and returned to your personnel department for permanent retention.
Internet connectivity and other network security vulnerabilities represent challenges for those trying to ensure the confidentiality, privacy and integrity of your organization's data. By performing a network assessment and deploying the appropriate security controls and tools, you can limit unauthorized access to your internal systems and shatter the dreams of any would-be Cyber Outlaws as you incorporate the technologies you need to succeed in today's "connected" world.
Suggested Internet policies
- Require immediate scanning for viruses of all downloaded files.
- Require encryption of sensitive data that is sent on public networks.
- Identify unacceptable materials (pornographic, obscene, discriminatory, illegal, etc.) that can be accessed through your Internet connection.
- Remind employees that chats and newsgroups are public forums where it is inappropriate to reveal confidential information, customer data, trade secrets, or any other material covered by existing secrecy policies and procedures.
- If you allow non-business research and surfing during mealtimes or outside normal working hours, define these times and identify the policies that apply during these times.
Suggested network security policies
- Classify information and assign security rights based upon employee needs.
- Periodically re-issue unique passwords and require employees to keep them confidential. (At CSI our password standard is a length of eight characters, requires at least one alpha and one numeric character and is upper/lower case sensitive.)
- Require the use of screensaver passwords to prevent access to systems when the user is away.
- Require employees to log off before leaving work.
- Limit the number of modems attached to your network; require that inbound calls to modems be blocked; and power off the modems when not in use.
- Insist that employees not divulge confidential information before seeking the approval of a supervisor or other member of management.
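As an added example (not code from the article or from CSI), here is a Python check for the password standard described in the list above: eight characters, at least one alphabetic and one numeric character, case sensitive. Treating "a length of eight characters" as exactly eight is an assumption made here; a minimum-length policy would change only the comparison.

```python
import re

# Password standard as stated in the article; exact length of eight is our assumption.
REQUIRED_LENGTH = 8


def check_password(candidate: str) -> list:
    """Return every policy rule the candidate violates (empty list = compliant).

    Reporting all violations at once lets a help desk or self-service tool
    tell the user exactly what to fix rather than rejecting one rule at a time.
    """
    violations = []
    if len(candidate) != REQUIRED_LENGTH:
        violations.append("length must be %d characters" % REQUIRED_LENGTH)
    if not re.search(r"[A-Za-z]", candidate):
        violations.append("at least one alphabetic character required")
    if not re.search(r"[0-9]", candidate):
        violations.append("at least one numeric character required")
    return violations


def meets_policy(candidate: str) -> bool:
    """True when the candidate satisfies all three rules."""
    return not check_password(candidate)


def passwords_match(stored: str, supplied: str) -> bool:
    """Case-sensitive comparison: 'Branch42' and 'branch42' are different passwords.

    The policy only gains strength from mixed case if the system compares
    case-sensitively; lower-casing before comparing would throw that away.
    (A real system compares against a stored hash, not the password itself.)
    """
    return stored == supplied


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for sample in ["Branch42", "Loan2000", "password", "12345678", "Branch4"]:
        print(sample, "->", check_password(sample) or "OK")
```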
David Culbertson, CSI vice president, directs CSI's Internal Audit program, which evaluates operational activities for CSI and its customers. He also manages the Internet-based initiatives for the organization. He has a B.S. degree in computer science and is an 11-year veteran of CSI. For more information on CSI, visit www.csiweb.com.