Travel Reference
In-Depth Information
computer infrastructure and gauge the effectiveness of current counter-
measures.
The basics of computer security are generally the same whether here
or abroad, although there are some additional concerns that apply to the
foreign environment, which we will discuss below. The first element
always to deal with is physical security. As we have repeatedly stated, phys-
ically protecting a site or item is the primary concern. The best security
system in the world, for example, will not do the company much good if
a laptop with sensitive data is stolen. Care also must be taken to secure
the individual computer stations to prevent unauthorized access by intrud-
ers. Proper site security, alarm systems, and access control systems will
help in this regard.
Information stored in the company database must be backed up with
the copies stored off site. We saw the importance of this procedure in the
aftermath of the September 11 attacks. Some companies without off-site
backup faced a nearly insurmountable task of re-creating data that was
permanently lost when the towers fell.
A strict protocol must be put in place mandating that computers be
shut off when employees step away from their desks. Password protection
is not much use if the authorized user logs in and then leaves the station
unattended. Modems in particular must be disconnected or turned off
when not in use. This will prevent a skilled party from being able to com-
municate with your computer and being able to hack into the system.
As we discussed in the chapter on corporate espionage, proper dis-
posal methods of discarded trash containing sensitive information must
be implemented. A floppy disk or CD containing sensitive data must be
thoroughly destroyed. If your printer uses film ribbons, the ribbons must
be destroyed, as they can yield information in much the same way as old-
style typewriter ribbons could be read and some of the words written on
a particular ribbon re-created.
Individual access to PC stations must be protected by passwords
unique to each individual, which must be changed on a regular basis. In
systems used by the federal government, passwords are randomly gener-
ated and assigned. Individual users do not create their own passwords.
This is done to prevent an intruder from guessing a user's password.
Despite all warnings to the contrary, most computer users still create pass-
words that are based on birthdays of children, spouses, or themselves or
addresses or other numerical or alphabetical combinations that would be
easy to guess. Hackers are experts in guessing passwords. They know all
