Police, security experts and lawyers are warning IT
departments to be on their guard against corporate data theft as
companies wind down their operations over the Christmas
holidays.
Law firm Mishcon de Reya said data theft was the fastest growing
area of corporate fraud and featured in one in every three fraud
cases investigated by the firm.
The Metropolitan Police's Computer Crime Unit said that although
hacking and virus attacks tend to slow down over Christmas,
businesses were at greater risk from internal attacks on company
data.
Detective inspector Chris Simpson, who heads the unit, said,
"Companies usually have a skeleton staff in their offices over the
festive period. While there are many reasons for a physical
presence in the office, managers must be acutely aware that
unsupervised staff may be much more able to abuse internal
systems."
Customer lists, contact databases, proprietary company
information and computer software were favourite targets for theft,
said Dan Morrison, a partner in Mishcon de Reya's investigations
and asset recovery unit.
The firm urged businesses to take steps such as locking down USB
ports and CD drives on PCs, and configuring printers so they cannot
be used to print out reams of information. Databases could be
protected by inserting "digital fingerprints", such as fictitious
names and addresses, he said.
"You can organise your legal contractual documentation to allow
you to monitor people's e-mail, phone calls and audit home
computers, if necessary," Morrison added.
US security research body the Sans Institute last month revealed
that criminal gangs have begun exploiting holes in desktop and
enterprise software.
In addition to guarding against this threat, Sans Institute
director Alan Paller warned that firms are also likely to be
targeted by fraudsters sending e-mails purporting to raise funds
for charities. They may be either designed to defraud the recipient
or introduce malware such as viruses onto PCs.
Businesses are also more likely to be the target of fraudulent
credit card transactions in the run up to Christmas. "Companies get
a rash of transactions using stolen credit cards at this time
because criminals assume the normal defences are lowered to handle
the rush of orders," said Paller.
Royal Mail is running a campaign to alert staff to the increased
risks of losing laptop PCs over the Christmas period, said David
Lacey, the firm's director of information security.
Paul Simmonds, global information security director at ICI, said
a major concern was staff sending seasonal jokes and screensavers
which had the potential to be malware. It can take anti-virus
suppliers two weeks to update their signatures when staff return to
work to find new viruses in their inboxes, he said.
The profusion of new home PC systems over Christmas could pose a
longer-term security threat to businesses, said Richard Starnes,
president of the Information Systems Security Association. "New
computers can be infected in less than the time it takes to
download up-to-date security patches," he said.
These infected home computers could be used by hackers to launch
denial of service attacks against businesses, he said.
Sober X worm will strike in January
A new variant of the Sober worm is set to strike in the first
week of the new year. The worm, which is widespread on the
internet, has been programmed to download new malicious code to
infected machines on 5 January. Earlier this month a version of the
worm slowed the internet dramatically. Anti-virus experts have not
been able to tell whether the latest Sober X worm will pose a
serious threat to businesses.