CNET también está disponible en español.

Ir a español

Don't show this again

Tech Industry

On the Net, trick or...trick

For attorney Eric. J. Sinrod, safely navigating through the sundry Net horrors this Halloween is proving more hazardous than ever.

The goblins you face this Halloween season may not be costumed children at your front door.

Instead, you very well might be the online victim of viruses, phish, spam or denial-of-service attacks. Tricks, to be sure, these attacks offer no treats.

Worse yet, some of these attacks do not come from the "outside," and instead can emanate internally from within a business organization. One common example: computers infected by malicious software that later get used to launch online attacks. This is problematic, given that 45 percent of IT professionals recently surveyed by MailFrontier Research reported that their e-mail security systems do not safeguard their business from such attacks launched internally.

The collective impact of these various attacks can be significant. Some of the possible consequences include business interruption, remediation expenses, loss of critical data, and compromised intellectual property.

Indeed, according to the recent Digital Risk survey by the Economist Intelligence Unit, approximately one-third of risk managers reported financial damage caused by phishing and hacking attacks. Remote working by employees was cited by 57 percent of respondents as increasing exposure by companies to electronic threats.

The collective impact of these various attacks can be significant.

More than half of the Digital Risk survey respondents reported that the increasing sophistication of hackers and cybercriminals poses a great challenge. Just under half of the respondents stated that IT and security problems represent a high risk to their businesses.

So, how do we avoid nasty online Halloween tricks?

MailFrontier recommends that companies only use authenticated servers to send out e-mail. Individual users should not be allowed to send e-mail without the messages being transmitted through corporate servers.

In addition, MailFrontier advises companies to monitor the volume of e-mail coming from particular e-mail or IP addresses outside of companies' networks, and to verify that spam, viruses and phishing e-mails are not being transmitted from companies' networks.

Interestingly, almost half of the Digital Risk respondents voiced the opinion that it is not enough for information technology risks to be managed by a chief information officer. Instead, other executives also should be involved, such as a chief risk officer.

Apparently, some companies are getting it right, at least as a matter of public perception. Various reports demonstrate that consumers are quite concerned about phishing and spoofing and the resulting theft of personal and private data. Truste and the Ponemon Institute just completed their 2005 Most Trusted Company Privacy Survey.

The survey results conclude that these are the top 20 companies when it comes to online privacy practices, from first to 20th: American Express,, Procter & Gamble, Hewlett-Packard, eBay, America Online, U.S. Postal Service, Dell, IBM, EarthLink, Google, Charles Schwab, Apple Computer (including iPod), Johnson & Johnson, WebMD, E-Loan, Washington Mutual, Federal Express, Yahoo, USAA and Disney. These companies are perceived to protect important data and not to have suffered the same level of privacy breaches as other companies.

Perhaps knowing that some companies are held in high esteem when it comes to electronic risks is the online Halloween treat that we have been waiting for after all. Hopefully, others will follow their lead.