To deal with hackers who break into office systems through the Internet, it is important for information managers to understand their enemy well. If they have sound background knowledge about hackers, they might be prepared to deal with them much more effectively. Hackers are well educated, often university or high school students, who try to break into systems for which they have no authorization. They deal poorly with people and have few friends and fewer relationships, but at the same time are very smart. Therefore they turn to computers because they know computers will not reject them.
With bulletin board communication they can form social relationships, but those are behind the screen, where hackers feel shielded. (Pfleeger, pp. 12-13) Hackers justify the crime of breaking into systems by stating that nobody gets hurt. Hacking can be done without coming into conflict with any human. Hackers also usually work in groups, and when they do so they become more dangerous to office systems. By sharing information they manage to put together a solution that allows them to break into an office system.
The news media has labeled hackers as mere children who play pranks. (Pfleeger, p. 13) Even Amy Wohl, who is a noted information systems consultant, states that the hacker risk is the smallest of the computer crime risks. (Ray, p. 440) Amy Wohl's statement is incorrect, because the hacking of automated office systems has caused millions of dollars in damages. According to the American Society for Industrial Security (ASIS), the increase in attacks by hackers through the Internet has jumped to 323% since 1992. Total losses to U.S. industry are approximately $2 billion per month.
Thus it is essential for information managers to know about the different problems hackers can create for automated office systems through the Internet. (Anthes, Hack Attack, p. 81) One of the main problems that hackers can cause is that they can break into office electronic mail (e-mail) messages. This can be especially dangerous for those office systems that use electronic mail as their main source of communication. Electronic mail on the Internet is as confidential as a postcard.
After the sender transmits the message, it travels from one network to another until it reaches its recipient. Therefore, hackers can easily break into electronic mail while it is traveling towards its destination. Further, when it reaches the recipient there will not be any evidence of tampering with the e-mail. (Rothfeder, pp. 224-225) Another tool that hackers use is called a sniffer. This software, which can be easily planted in an organization's system, works like a concealed recorder and captures e-mail messages as they are exchanged.
(Behar, p. 35) Hackers value e-mail because it contains valuable information. They can find anything from secret strategic plans to log-in passwords required to get into the office system. Once they have this vital information, hackers can gain access and cause major damage to the office system. (Rothfeder, p. 225) One of the victims of e-mail hacking was Wind River Systems. A software company, Wind River Systems has a communication system through which it exchanges e-mail with customers on the Internet.
By trying a few passwords on the office system, hackers were able to access the system of Wind River Systems in California and France. When an expensive bill for accessing the Internet came to Wind River Systems, they found that hackers had gotten into their communication system. Wind River Systems discovered that through the intrusions hackers had obtained programming code which had the potential to hurt the future performance of the company. (Behar, p. 33) Penetrating electronic mail is just one way hackers intrude on and destroy office systems.
Banks that have established office systems that provide online banking services to clients also face problems. One of the first Internet banks, Security First Network, had to stop hackers from electronically breaking into account files in the first few months of its operations. In addition, Citibank's office system was also hacked when a Russian hacker electronically transferred $11 million from New York to Finland, Israel, and California. These incidents leave many banks in doubt whether they should have systems that are capable of providing customer service on the Internet.
Instead, banks such as Chase Manhattan are collaborating with companies like Checkfree, Intuit, and Microsoft. The reason is that these companies offer private consumer banking networks that have powerful security schemes. Thus the cost of office automation would be justified because hackers will not find it easy to break into the banking networks protected by such firms as Microsoft. In contrast, other financial institutions such as Bank of America are willing to take the chance and implement their systems so that they are capable of providing better services to customers on the Internet. (Rothfeder, p. 9)
One more deadly tactic that hackers can employ against office systems is to stop their connection to the respective Internet service provider (ISP) that hosts almost a thousand corporate web sites. This method is called denial of service, whereby hackers interfere with the office system's communication such that the office system cannot gain access to its ISP. When office systems communicate with their ISPs they use a three-way handshake process whereby they first send a signal, the ISP receives that signal, and then the ISP re-sends the signal to the office system so that a connection can be established.
Hackers have found a way to disrupt this process by interfering with the last part of the three-way handshake. Instead of the signal going back to the office communication system, the hacker directs it elsewhere. Thus, the office communication system never connects to its ISP and therefore cannot obtain mail or connect to other web sites. The nature of this attack makes office systems that have implemented the Internet as part of their communication systems ineffective. There is no use for a communication system which cannot be used.
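An added example, not part of the original essay: the defender's view of the stalled handshake described above, counting handshakes that the server answered but that never received the final step. It uses TCP's names for the three steps (SYN, SYN-ACK, ACK); the record format, addresses, timeout and threshold are constructed assumptions.

```python
from collections import Counter

SYN, SYNACK, ACK = "S", "SA", "A"   # the three handshake steps, by TCP flag
SERVER = "192.0.2.10"               # constructed address (documentation range)

def sample_records():
    """Constructed capture: (time_s, src, sport, dst, dport, flags)."""
    recs = [  # one ordinary client that completes all three steps
        (0.00, "198.51.100.7", 40000, SERVER, 25, SYN),
        (0.01, SERVER, 25, "198.51.100.7", 40000, SYNACK),
        (0.02, "198.51.100.7", 40000, SERVER, 25, ACK),
    ]
    for i in range(30):  # thirty openings whose third step never arrives
        src, t = f"203.0.113.{i + 1}", 1.0 + i * 0.01
        recs.append((t, src, 50000 + i, SERVER, 25, SYN))
        recs.append((t + 0.001, SERVER, 25, src, 50000 + i, SYNACK))
    return sorted(recs)

def half_open(records, now, timeout=3.0):
    """Handshakes the server answered but that stayed unfinished past `timeout`."""
    pending = {}  # (client, cport, server, sport) -> [syn_time, server_answered]
    for t, src, sport, dst, dport, flags in records:
        if flags == SYN:
            pending[(src, sport, dst, dport)] = [t, False]
        elif flags == SYNACK and (dst, dport, src, sport) in pending:
            pending[(dst, dport, src, sport)][1] = True
        elif flags == ACK:
            pending.pop((src, sport, dst, dport), None)  # step three completes it
    return {k: v[0] for k, v in pending.items() if v[1] and now - v[0] > timeout}

def servers_under_pressure(records, now, threshold=20, timeout=3.0):
    """Flag server endpoints holding at least `threshold` stale half-open handshakes."""
    counts = Counter((k[2], k[3]) for k in half_open(records, now, timeout))
    return {endpoint: n for endpoint, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for endpoint, n in servers_under_pressure(sample_records(), now=10.0).items():
        print(f"{endpoint[0]}:{endpoint[1]} has {n} half-open handshakes")
```

A sustained count of this kind on one service port is the signal to alert on; the completed handshake from the ordinary client never appears in it.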
Furthermore, if hackers can't break into the system they can make many services of the Internet unavailable to the office. This violates one of the goals of information security. This presents a serious challenge to office automation specialists, who must now realize that even if their communication systems are tamper-proof, hackers can still deny them external communication. (Cobb, pp. 37-38) To combat the attacks of hackers, office automation specialists can employ a number of tactics that would ensure that their office systems remain safe.
Certain guidelines and technologies can be applied by information managers when they are in the analysis and design phase of office automation. To begin with, information managers must maintain guidelines that minimize risk when using the Internet. These guidelines can be in the form of rules for employee Internet usage. The main intent of these guidelines is to limit the use of the Internet to business purposes only. Most employees use the Internet for personal reasons, such as surfing sex and pornographic material on the Internet.
This not only creates security leaks for the office system, but also makes Olson's Theory a strong phenomenon in the office environment. Employees are less productive in their work, which results in soft-dollar losses for the company. Nonetheless, controlling employee use of the Internet is nonproductive. The solution is to educate employees about the proper use of the Internet and explain to them the disadvantages that occur if the Internet is used improperly, yet at the same time accept the fact that employees will still look at web sites that are not business related.
Nevertheless, it is wise to develop detailed Internet usage policies so that employees know the consequences of abuse. (Wagner, p. 55) According to Barry Weiss, a partner at Gordon & Glickson, a Chicago law firm that specializes in information technology legal issues, for the Internet to be used as an effective tool for communication, companies need to define policies and procedures to avoid risk. (Wagner, p. 58) Another method by which companies can protect their office systems from hackers is asking employees to develop and maintain smart passwords.
Employees should not write down their passwords and leave them near a computer. They should create passwords which relate to people closely related to them. Also, they should not share their password with anyone, nor should they store their passwords in the computer. Passwords become hard for hackers to crack when they have both upper case and lower case letters as well as digits and special characters. Further, they should be long and should be able to be keyed in quickly so one can follow when typing on the keyboard. (Icove, pp. 135-136)
Having strict guidelines is one solution to minimize hacker intrusions. Employing technologies is another solution to accomplish the same goal. One specific technology to implement in the office network is called a firewall. This tool combines hardware and software and functions by protecting the office network when it is connected to the Internet. A firewall analyzes data and accepts only the data that is approved by the information manager. The firewall collects all users in one area and checks whether they are performing an approved activity such as sending electronic mail to clients.
Since all the activity has to pass through and be approved at one checkpoint, this tool is useful for controlling data and keeping logs of the users' activity. Adding a firewall to the office system can be done in two ways. It can be purchased as a package from a vendor or it can be built. Logically it is cheaper to build a firewall, a good choice for those information managers who are operating on a strict budget. (Anderson, pp. 106, 108) Buying a firewall from vendors can get very confusing, since there are a lot of varieties and costs that each vendor offers.
There are more than 40 vendors in the market who offer new releases in less than a year. However, this trend is also changing. The National Computer Security Association (NCSA) has developed a program which will make it easier for information managers to select a firewall from numerous packages. It will do that by establishing the performance standards needed for an effective firewall. Based on these criteria it will test and certify those firewall packages which meet them.
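An added example, not part of the original essay: a model of the checkpoint behaviour described above, where every connection is compared against the manager's approved list, anything unlisted is refused, and each decision is logged per user. The rule names, addresses and ports are constructed assumptions.

```python
import ipaddress

# Constructed policy: (rule name, allowed source net, allowed destination net, port).
# Traffic matching no rule is refused, so only approved activity gets through.
ALLOW_RULES = [
    ("staff-mail-out", "10.0.0.0/24", "192.0.2.25/32", 25),  # e-mail to the relay
    ("staff-web-out", "10.0.0.0/24", "0.0.0.0/0", 80),
]

# Constructed connection attempts: (user or "-", source, destination, port).
ATTEMPTS = [
    ("alice", "10.0.0.5", "192.0.2.25", 25),     # approved: sending e-mail
    ("bob", "10.0.0.6", "198.51.100.9", 23),     # telnet is not on the list
    ("-", "203.0.113.5", "10.0.0.8", 25),        # unsolicited inbound connection
    ("alice", "10.0.0.5", "198.51.100.80", 80),  # approved: web
]

def matching_rule(rules, src, dst, port):
    """Return the name of the first rule that approves this connection, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, src_net, dst_net, rule_port in rules:
        if (port == rule_port and s in ipaddress.ip_network(src_net)
                and d in ipaddress.ip_network(dst_net)):
            return name
    return None

def run_checkpoint(rules, attempts):
    """Decide every attempt at the single checkpoint and keep a log entry for each."""
    log = []
    for user, src, dst, port in attempts:
        rule = matching_rule(rules, src, dst, port)
        log.append({"user": user, "src": src, "dst": dst, "port": port,
                    "action": "ALLOW" if rule else "DENY",
                    "rule": rule or "default-deny"})
    return log

if __name__ == "__main__":
    for entry in run_checkpoint(ALLOW_RULES, ATTEMPTS):
        print(entry)
```

Because refused attempts are logged as well as approved ones, the log shows both who used an approved service and who tried something that was not on the list.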