Business Security Blog

Business computing has been a very worthwhile subject of study this semester. Indeed, today’s business world is undergoing significant changes and computing is affecting the fundamental ways in which businesses operate. A course like Business Computing helps business students to gain knowledge of computing and see how it can be applied to the changing business practices of today.

Throughout the semester we were introduced to a variety of topics. One thing we both appreciated about the way in which the course was taught was that it was not directed towards students planning on specializing in business computing later in their career, but rather the class was instructed in such a way as to provide an understanding of the fundamentals of the topic to even people without a strong familiarity of the subject.

Business Computing class introduced many of us to the essential facts, concepts, principles and theories in computing. We were also introduced to the modelling and design of computer systems. For many of us, even the most basic concepts were at first intimidating and by reputation alone, they seemed much more complicated than they actually were. Many of us were initially intimidated by the subject because we simply were not aware just how versed we already were in IT. For example, we all use email. Many of us already engage in business transactions over the internet quite frequently. And many of us make use of company servers and databases. In any case, we were simply unaware of the fact that these common, every day practices were all instruments of business computing. As the semester progressed, the unfounded fear many of us felt towards IT gradually faded away and we began to grasp what seemed like complicated concepts like “servers,” and “BI.”

Another thing worth mentioning about this Business Computing class was the fact that students were expected to demonstrate interpersonal skills (e.g. building relationships, maximising individual strengths, negotiating individual contributions to the group task) to allow the pursuit of group goals and to foster individual and group effectiveness. This was largely due to the Socratic teaching approach utilized by Mr. Willson. This approach motivated students to become engaged in the learning as we didn’t just sit through lectures on what could have been an extremely dry subject. Instead, through classroom discussions and group work, we students became active partners in the learning process and we were able to develop a better understanding of the subject by gradually building upon our own developing comprehension of the subjects discussed. This was particularly true when we discussed in groups the importance of IT in business and questioned whether any corporation could survive the future without an adoption of IT.

In terms of the actual concepts we learned in class, these included ways in which to recognise and analyse the appropriate measure for dealing with specific computing problems and the numerous ways in which to plan strategies for their solution. An example of this would be the blog we were required to write on the subject of security for businesses conducting e-commerce. This required us students to become more conscientious of a very real problem that exists in today’s business world and to contemplate on the ways in which this could be addressed through the use of various security systems. Moreover, the fact that we were expected to present our finding on a blog and in some way make our argument as if we were attempting to convince a board of directors to implement security systems encouraged us to familiarize ourselves with a form of e-commerce (adsense), while simultaneously practicing the art of convincing people of authority.

The first assignment was very useful as it introduced us to the full extent to which business can be carried out through internet beyond the conventional methods. Through this, we realized that the internet is an invaluable tool in assisting a business to gain exposure and traffic. The internet also allows for more efficient and effective ways of conducting business that can save an enterprise incredible sums of money.

The second assignment on the other hand, had us learning the skill of blogging. We learned how to create a blog, and how a person can make money from a blog by gaining exposure to Adsense. Even though we were unable to activate an Adsense account immediately, it is something we intend on pursuing after we have met all the time requirements. In the grand scheme of things however, this assignment provided us with a hands on opportunity to make money with relative ease. This is about as close to a free lunch as a person can expect in life.

The blog assignment also required us to find innovative ways of sharing our opinions with people from around the globe. With more time, this could even result in a dialogue with other people on the subject of internet security. Indeed, the blog we created allowed for comments to be left by visitors. While we have not had any comments from any visitors as of yet, the future is full of possibilities. Blogging is not just a one way street in terms of communication. We get the chance to express our opinions and at the same time we get to receive feedback from guests to our blog via the comments boxes.

Business Computing class also introduced us to the world of Business Intelligence and the dynamic and insightful way in which it can be incorporated in the strategies of an enterprise. By utilizing business intelligence tools into the arsenal of a business’ strategic planning, a business is able to find valuable patterns that would not be easily detected by human eyes. This can be implemented in countless businesses and in the numerous departments within these same businesses. Really, the possibilities are endless.

In conclusion, despite the fact that many of us had misgivings about the relevance of business computing in our own personal careers, the fact has been made clear that business computing and its many faculties can easily benefit countless aspects of our various professions and these are lessons we can take with us in our future career paths.

The consequences of a failure in internet security can include a number of possibilities. On the minor end of the spectrum, a security failure can result in loss of time in recovering from the problem, and therefore a reduction in a company’s productivity. At the opposite end of the spectrum however, such a failure in security can result in a significant loss of money or staff-hours, a devastating decline in consumer confidence, a lost market opportunity, a business no longer able to compete, legal liability, and the loss of life.

Internet security can serve to protect a corporate image, guard customers and clients, and help to meet the appropriate regulations. These are reasons why an organization must implement a security system when conducting any form of business online. In all certainty, security threats will only become more advanced and for this reason, organisations must develop solutions that can meet these incoming challenges and protect consumers.

The three most fundamental principles regarding the protection of important on the Internet can be listed as privacy; reliability; and accessibility.

Authentication, authorization, and non-repudiation are some of the key concepts related to people accessing information. It is important to remember that the copying or reading of information by an unauthorized user is a direct example of a loss of confidentiality. Obviously, confidentiality and privacy is a priority for many types of information. Take research data for example. Or medical records. Or even insurance records. From a company perspective, the protection of new product specifications is of vital importance. And the same applies to highly classified corporate investment plans and strategies.

There are certain circumstances, and certain locations, where there is actually a legal obligation to protect the privacy of individuals. This is certainly true when it comes to entities like banks, loan companies, credit reporting agencies, debt collection agencies, tax collecting agencies, and businesses that issue out credit cards or credit for existing customers. The same can be said about hospitals, doctors’ offices and laboratories that conduct medical testing, as well as any organization that provides any form of psychological assessments, counselling, or treatments, including drug addiction treatments.

As mentioned above, the risk of corruption of information is all too real when it is present on insecured network. Whenever information is tampered with and modified in unauthorized ways, the repercussion can be defined as an attack on the integrity of the network. Integrity is of vital importance when dealing with information on networks that deal with safety or financial data. Examples of these include activities like the electronic transfers of currency, air traffic control, and financial book-keeping.

Accessibility is another crucial concern in the world of effective IT security. The fact of the matter is that without proper security, important information can be erased or corrupted and become inaccessible. The result of a loss of availability of important information can deal a crippling blow to any organization. For example, people who are authorized to get information cannot get what they need. Moreover, availability of information is often the most important attribute in any service-oriented business relying on information. A relevant example of this can be seen through consideration of things like airline and bus schedules as well as common online inventory systems.

To make information available to those who are authorized and trusted to access it, it is required that organizations operate a system of authentication and authorization. Such a system can verify the identity of the user. Examples of these systems include things that only a specific user may know. This can include a password or a pin number. Authorization can be defined as the process of determining whether a particular user (or computer system) has the authority to perform a particular action. This can include things like reading a computer file or executing a program. Users must be authenticated before carrying out the activity they are authorized to perform.

As cyber identity attacks by hackers increase at startling rates, the threat that the rates of users engaging in online transactions will decrease as a direct result of identity attacks – particularly in the area of financial transactions – become all the more dangerous. Indeed, one of the major benefits of e-commerce for a company is the fact that significantly less investment is required by companies in order to distribute their products. If, for example, consumers return to more traditional means, such as purchasing goods via call centre or even “brick and mortar channels,” companies can expect an increase in the expenditures required from them in order to connect consumers to their products. New employees will need to be hired to man the telephones, or be employed in stores and this will increase costs saved by conducting business over the internet.

It is only a matter of time that consumers grow weary of taking risk of using online services if more is not done to provide them with accessible and effective protection, while at the same time remaining user-friendly. The effects, as mentioned above, are two fold. They can include increases of required investments by a company in order to resort back to traditional means of selling products and services. It can also result in losses from obligations to reimburse – at least partially – consumers who fall victim to hackers while conducting business on their websites.

While the risk is clear, one can also witness how there are significant rewards for organisations that address the issue of security head on by providing their users with better protection of their online identity. By doing this, they can retain existing customers, and even attracting more trusting consumers in a cost-effective way.

While all of these hacking approaches are unique, these diverse attacks are all made possible due to the inherent weaknesses of password-based, single-factor authentication used by companies conducting business to consumer commerce online. After all, the moment that an online hacker manages to acquire the user identification and password of an unsuspecting consumer, he has everything necessary to access the victim’s online account. Unlike traditional forms of identity theft, the online attack can come from the opposite end of the world and only a small percentage of users need to be reached in order to result in the compromise of a considerable quantity of user information.

And though stronger authentication policies are beginning to be adapted by increasing numbers of firms that conduct business over the internet, the continuing reliance on simple passwords in the vast majority of transactions conducted via the internet enables cyber fraud to continue to grow.

One of the reasons why single password systems remain in place, despite their obvious frailties is to actually accommodate the desires of consumers. Indeed, the problem of single user passwords is compounded by the fact that research has demonstrated that consumers frequently prefer convenience and usability over increased layers of security when conducting business online.

In any case, many online organisations provide some or even complete reimbursement for losses from the fraudulent attacks made on consumers using their company websites. This, naturally, results in significant costs to these firms and provides considerable incentive and a valid business justification for dealing with this issue without delay. In any case, it is not merely the financial cost for businesses that provides incentive for these same businesses to implement security for handling transactions over the internet and this is not the most important impact or hazard from online identity theft.

Another type of banker trojan is designed to display a fraudulent web page that imitates the user’s online bank. When the user enters his banking information into this counterfeit page, this information is sent directly to the hacker. This method is almost identical to phishing, which not only targets customers of banks, but also consumers of web pages such as eBay.

The moment a hacker acquires access to a victim’s bank account, they frequently will drain funds from the account, while simultaneously collect more personal details about the victim for future use. What differentiates this type of cyber fraud from common identity theft is the fact that the criminal does not even need to reside in the same continent as the victim, nor have any hard copies of personal information.

Consider a company PC that is used for business or personal use on the web. It is quite possible that this same PC will be exposed to some internet threat by an unsuspecting employee. Indeed, many companies have a false sense of security, because conventional means of protecting business frequently overlook web-based dangers. As a result of this oversight, it is not unheard of for company servers to be hacked by criminals and the information stored on these servers from ecommerce services such as web site hosting and payment processing to be stolen. The lack of security by companies enabled hackers to plant malicious code, thereby allowing them to intercept financial information from consumers making purchases online though stores hosted by these servers.

Beyond attacks directed at companies, hackers more frequently attack consumers and individuals. Some banker trojans rely on users to provide particular key words like the names of financial institutions, for example. Once these words are typed by the unsuspecting user, this triggers the Trojan which then begins to record the keystrokes. In this manner, a computer hacker is able to obtain banking passwords and user identifications and thereby gain access into various financial accounts.

Other more complex Trojans actually make use of video technology to capture images of data inputted by unsuspecting consumers as they make financial transactions online.

Two of the most common approaches utilized for hacking personal information are known as phishing and “man-in-the-middle attacks.” These approaches rely on the use of ‘spoofed’ e-mail messages and other techniques to direct consumers to fake web sites where their private information can be easily swindled. By fooling victims into divulging their usernames and passwords, attackers can gain access to the victims’ accounts.

Recently, however, there has been a migration from email based attacks to web-based attacks by cyber criminals. This results in a threat not just for consumers, but also it poses a direct threat to companies. The risks for companies include the possibility that important information will be lost, stolen, corrupted, or used fraudulently and that computer systems will be corrupted. Because much company information is recorded electronically and made available on networked computers, this information becomes more susceptible to theft and tampering than information that is on paper and stored securely in a safe or file cabinet. After all, for a person to steal from a locked file cabinet or safe requires him or her to physically enter an office or home. If a skilled hacker wishes to steal from a network computer, on the other hand, he or she does not even need to be in the same continent. All they need to do is create new electronic applications, execute their own programs, and conceal evidence of their crimes.

Many hacking techniques exist in the realm of internet fraud, and while they may operate in different methods, the goals remain largely the same: to capture personal information from a consumer and exploit this information for financial gain at the expense of both consumers and businesses involved in financial transactions online.

Two of the most common approaches utilized for hacking personal information are known as phishing and “man-in-the-middle attacks.” These approaches rely on the use of ‘spoofed’ e-mail messages and other techniques to direct consumers to fake web sites where their private information can be easily swindled. By fooling victims into divulging their usernames and passwords, attackers can gain access to the victims’ accounts.

http://news.bbc.co.uk/2/hi/technology/8544413.stm

Online attacks targeting a consumer’s identity are increasingly becoming the most lucrative and most rapidly increasing sources of crime in the world. Indeed, studies suggest that in 2006 more than $49.3 billion was obtained by criminals using online identity theft on US consumer victims alone.

The increased volume of online attacks and data breaches are impacting consumer confidence and online adoption. In addition, the losses incurred by users have increased by more than 100% year on year. According to a December 2007 report by Gartner, 3.6 million adults lost money to phishing attacks in the 12 months ending August 2007. This is compared to 2.3 million who lost money in 2006. All told, US $3.2 billion was lost to phishing in 2007.

Everyday, countless transactions involving millions of dollars are exchanged over the internet between businesses and consumers. Some of these transactions involve nominal amounts of currency while others involve large fortunes. Not surprisingly, where there is money, crime is not far behind. Indeed, internet fraud is real.