
SSC Security Matters

Computer Forensics
A tool for business management
by Ken Lacasse — CTO, SSC, inc.

Protecting your data is a business necessity. Computer forensics is no longer just the stuff of television and movie crime dramas; it is an essential and customary part of the toolbox of business executives, legal departments and system administrators. Computer forensics examiners are skilled at finding hidden or deleted files, decrypting information and reading electronic data used by the variety of technologies that businesses commonly employ. Computer forensics combines computer science knowledge and the rules of evidence. With the information gathered from these elements, the examiner figures out how information is being used and uses that information to protect your business. Computer forensics requires specialized training, software and experience, and it is not a skill set that typical IT staff have.

Business executives need to be wary of employee misuse and fraud, both of which are on the increase. This type of activity can range from the misuse of computer systems to the theft and/or destruction of corporate and financial data. These issues can arise from disgruntled current employees, former employees, or curious employees who have too little to do. Businesses of any size are susceptible to these types of issues, from small family-owned businesses to the largest of enterprises. Smaller companies often trust their information to their employees, never thinking anything bad will come of it. Larger companies often have no protocol as to who sees what, and therefore many see all. One thing is for sure: where there are computers, there are possibilities of misuse and security breaches.

On the subject of security breaches, the internal threat is more common than the external because employees don’t have to break through a firewall to get to data. Firewall logs and intrusion detection systems that have alerts and warnings can help document attacks from the Internet. Employee actions on the internal network are not logged because it is normal for them to access information. For example, a salesperson might need access to customer information (name, address and phone numbers), but the company may not want this same employee to copy this information outside of the business.

It is fairly common for IT personnel to try to conduct their own investigation before calling experts. Often, they end up overwriting or altering the evidence. This is because their first instinct is to view the system to see if anything is apparent. Any time the system is used, information is changed and possibly overwritten. Simply powering on a computer running Microsoft Windows can alter hundreds or even thousands of files. A typical computer forensic investigation will often begin by making a copy or “digital image” of the suspected electronic media using specialized forensic tools. This copy is of the entire device, not just the files that are active and visible to the user. The free space of the device may contain deleted information, including files, usage history, print jobs, email messages and log entries. This “digitally imaged” copy is used for the forensic exam and is reviewed outside of the normal system, eliminating the constraints of the operating system. Computer forensics examinations are often time consuming; however, they frequently produce dramatic and unanticipated results, ones that go far beyond what was suspected or that indicate additional people were involved.
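A minimal sketch of the imaging step described above, added here as an illustration; it is not code from SSC or from any forensic product. The 64 KiB "device" and the `DELETED:` fragment are constructed sample data, and verifying the copy with SHA-256 is an assumption (the article does not name a method); a real acquisition would also use a hardware write blocker and a dedicated imaging tool.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # read 1 MiB at a time so large media never has to fit in RAM

def acquire_image(source_path, image_path):
    """Copy every byte of the source to the image; return the source's SHA-256."""
    digest = hashlib.sha256()
    # The source is opened read-only: the original media is never written to.
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        while chunk := src.read(CHUNK):
            digest.update(chunk)
            dst.write(chunk)
    return digest.hexdigest()

def sha256_file(path):
    """Hash a file independently, to prove the image matches what was read."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            digest.update(chunk)
    return digest.hexdigest()

def find_remnants(image_path, needle):
    """Return every byte offset of needle in the raw image, free space included."""
    offsets, tail, base = [], b"", 0
    with open(image_path, "rb") as f:
        while chunk := f.read(CHUNK):
            buf, start = tail + chunk, 0
            while (i := buf.find(needle, start)) != -1:
                offsets.append(base - len(tail) + i)
                start = i + 1
            # Keep an overlap so a match split across two reads is still found.
            tail = buf[-(len(needle) - 1):] if len(needle) > 1 else b""
            base += len(chunk)
    return offsets

def demo():
    # Constructed 64 KiB "device": zeros plus a deleted-message fragment in free space.
    device = bytearray(64 * 1024)
    fragment = b"DELETED: customer list export"
    device[40000:40000 + len(fragment)] = fragment
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "device.bin"), os.path.join(d, "evidence.img")
        with open(src, "wb") as f:
            f.write(device)
        verified = acquire_image(src, img) == sha256_file(img)
        return verified, find_remnants(img, b"DELETED:")
```

Calling `demo()` shows the two properties an examiner relies on: the image hashes identically to the source, and the raw search runs against the copy and finds the fragment even though no file on the "device" refers to it.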

Given the investments that businesses make in IT infrastructure and staff, it makes perfect sense that executives and managers should be able to extrapolate information from business data in a form that courts and legal administrators will recognize when necessary. Computer forensics blends together the legal and technical aspects of your company data into a court-acceptable form to support any legal action or investigation. Computer forensics is an increasingly important part of IT security, for both incident response and preventative inquiries. In business today, it’s imperative that there is a mechanism in place to allow management and legal staff to use electronic data for legal purposes, providing a safeguard or plan of action against persons who endanger or seek to perpetrate fraud against your business. With the number of losses increasing, businesses should know how to handle known or even suspected criminal or misuse cases. Suggestions for preserving data for evidence purposes are:

Additionally, try to secure any other evidence such as removable media including but not limited to USB devices, CD-ROMs, DVDs, diskettes, iPods, digital cameras, etc.

SSC is prepared to help businesses uncover key elements of digital evidence for your computer forensic investigation.

Highlights from the 2007 Computer Crime Survey

COMPUTER SECURITY INSTITUTE (CSI)
 
Some of the key findings from the participants in the 2007 survey are summarized below:

 • 46 percent of respondents reported that they had suffered a security incident, which is down from 53% last year.
 • Almost one out of five respondents who had at least one security incident reported that their attacks were “targeted” (defined as a malware attack aimed primarily at their organization or at a small group of organizations).
 • The average annual loss reported in this year’s survey shot up to $350,424 from $168,000 the previous year. It had been over five years since the average losses had increased.
 • Financial fraud replaced the long-time number one standing of virus attacks as the source of the largest financial losses. System penetration, by outsiders, was another significant cause of loss.
 • Abuse of network access or e-mail by authorized users (such as employees trafficking in pornography or pirated software) was the most widely reported type of incident, even more than virus attacks.
 • The percentage of organizations reporting computer security incidents to law enforcement has increased, now standing at twenty-nine percent.

© 2008 SSC, Inc.
