{"id":11264,"date":"2018-05-29T23:31:56","date_gmt":"2018-05-29T23:31:56","guid":{"rendered":"https:\/\/courses.lumenlearning.com\/wmintrobusiness\/?post_type=chapter&#038;p=11264"},"modified":"2018-07-10T16:10:12","modified_gmt":"2018-07-10T16:10:12","slug":"reading-security-issues-in-electronic-communication","status":"publish","type":"chapter","link":"https:\/\/courses.lumenlearning.com\/wmintrobusiness\/chapter\/reading-security-issues-in-electronic-communication\/","title":{"raw":"Reading: Security Issues in Electronic Communication","rendered":"Reading: Security Issues in Electronic Communication"},"content":{"raw":"<div id=\"collins-ch15_s06_n01\" class=\"im_learning_objectives im_editable im_block\">\r\n<h2 class=\"im_title\">Security Issues in Electronic Communication<\/h2>\r\n<p class=\"im_title\">E-commerce has presented businesses with opportunities undreamt of only a couple of decades ago. But it also has introduced some unprecedented challenges.<\/p>\r\nhttps:\/\/youtu.be\/MHy8gKEmE48\r\n\r\nFor one thing, companies must now earmark more than 5 percent of their annual IT budgets for protecting themselves against disrupted operations and theft due to computer crime and sabotage. The costs resulting from cyber crimes\u2014criminal activity done using computers or the Internet\u2014are substantial and increasing at an alarming rate. A 2010 study of forty-five large U.S. companies revealed that the median cost of cybercrime for the companies in the study was $3.8 million a year.<span id=\"fwk-collins-fn15_046\" class=\"im_footnote\"><\/span> And some cybercrimes involve viruses that can spread rapidly from computer to computer creating enormous damage. 
It\u2019s estimated, for example, that damage to 50,000 personal computers and corporate networks from the so-called Blaster worm in August 2003 totaled $2 billion, including $1.2 billion paid by Microsoft to correct the problem.<span id=\"collins-5300-20111128-144859-666250\" class=\"im_footnote\"><\/span> The battle against technology crime is near the top of the FBI\u2019s list of priorities, behind only the war against terrorism and espionage.<span id=\"collins-5300-20111128-144859-666280\" class=\"im_footnote\"><\/span> In addition to protecting their own operations from computer crime, companies engaged in e-commerce must clear another hurdle: they must convince consumers that it\u2019s safe to buy things over the Internet\u2014that credit-card numbers, passwords, and other personal information are protected from theft or misuse. In this section, we\u2019ll explore some of these challenges and describe a number of the efforts being made to meet them.\r\n\r\n<\/div>\r\n<div id=\"collins-ch15_s06_s01\" class=\"im_section\">\r\n<h3 class=\"im_title im_editable im_block\">Data Security<\/h3>\r\nIn some ways, life was simpler for businesspeople before computers. Records were produced by hand and stored on paper. As long as you were careful to limit access to your records (and remembered to keep especially valuable documents in a safe), you faced little risk of someone altering or destroying your records. In some ways, storing and transmitting data electronically is a little riskier. Let\u2019s look at two data-security risks associated with electronic communication: <em class=\"im_emphasis\">malicious programs<\/em> and <em class=\"im_emphasis\">spoofing<\/em>.\r\n<div id=\"collins-ch15_s06_s01_s01\" class=\"im_section\">\r\n<h3 class=\"im_title im_editable im_block\">Malicious Programs<\/h3>\r\nSome people get a kick out of wreaking havoc with computer systems by spreading a variety of destructive programs. 
Once they\u2019re discovered, they can be combated with antivirus programs that are installed on most computers and that can be updated daily. In the meantime, unfortunately, they can do a lot of damage, bringing down computers or entire networks by corrupting operating systems or databases.\r\n<div id=\"collins-ch15_s06_s01_s01_s01\" class=\"im_section\">\r\n<h3 class=\"im_title im_editable im_block\">Viruses, Worms, and Trojan Horses<\/h3>\r\nThe cyber vandal\u2019s repertory includes \u201cviruses,\u201d \u201cworms,\u201d and \u201cTrojan horses.\u201d Viruses and worms are particularly dangerous because they can copy themselves over and over again, eventually using up all available memory and closing down the system. Trojan horses are viruses that enter your computer by posing as some type of application. Some sneak in by pretending to be virus-scanning programs designed to rid your computer of viruses. Once inside, they do just the opposite.\r\n\r\n<\/div>\r\n<\/div>\r\n<div id=\"collins-ch15_s06_s01_s02\" class=\"im_section\">\r\n<h3 class=\"im_title im_editable im_block\">Spoofing<\/h3>\r\nIt\u2019s also possible for unauthorized parties to gain access to restricted company Web sites\u2014usually for the purpose of doing something illegal. Using a technique called \u201cspoofing,\u201d culprits disguise their identities by modifying the address of the computer from which the scheme has been launched. Typically, the point is to make it look as if an incoming message has originated from an authorized source. Then, once the site\u2019s been accessed, the perpetrator can commit fraud, spy, or destroy data. You could, for example, spoof a manufacturing firm with a false sales order that seems to have come from a legitimate customer. 
If the spoof goes undetected, the manufacturer will incur the costs of producing and delivering products that were never ordered (and will certainly never be paid for).\r\n\r\nEvery day, technically savvy thieves (and dishonest employees) steal large sums of money from companies by means of spoofing or some other computer scheme. It\u2019s difficult to estimate the dollar amount because many companies don\u2019t even know how much they\u2019ve lost.\r\n\r\n<\/div>\r\n<\/div>\r\n<div id=\"collins-ch15_s06_s02\" class=\"im_section\">\r\n<h3 class=\"im_title im_editable im_block\">Revenue Theft<\/h3>\r\nIn addition to the problems of data security faced by every company that stores and transmits information electronically, companies that sell goods or provide services online are also vulnerable to activities that threaten their revenue sources. Two of the most important forms of computer crime are <em class=\"im_emphasis\">denial of service<\/em> and <em class=\"im_emphasis\">piracy<\/em>.\r\n<div id=\"collins-ch15_s06_s02_s01\" class=\"im_section\">\r\n<h3 class=\"im_title im_editable im_block\">Denial of Service<\/h3>\r\nA denial-of-service attack does exactly what the term suggests: it prevents a Web server from servicing authorized users. Consider the following scenario. Dozens of computers are whirring away at an online bookmaker in the offshore gambling haven of Costa Rica. Suddenly a mass of blank incoming messages floods the company\u2019s computers, slowing operations to a trickle. No legitimate customers can get through to place their bets. 
A few hours later, the owner gets an e-mail that reads, \u201cIf you want your computers to stay up and running through the football season, wire $40,000 to each of 10 numbered bank accounts in Eastern Europe.\u201d\r\n\r\nYou\u2019re probably thinking that our choice of online gambling as an example of this scheme is a little odd, but we chose it because it\u2019s real: many companies in the online-gambling industry suffer hundreds of such attacks each year. Because most gambling operations opt to pay the ransom and get back to business as usual, denial of service to businesses in the industry has become a very lucrative enterprise.\r\n\r\nOnline gambling operations are good targets because they\u2019re illegal in the United States, where they can\u2019t get any help from law-enforcement authorities. But extortionists have been known to hit other targets, including Microsoft and the Recording Industry Association of America. The problem could become much more serious if they start going after e-commerce companies and others that depend on incoming orders to stay afloat.\r\n\r\n<\/div>\r\n<div id=\"collins-ch15_s06_s02_s02\" class=\"im_section\">\r\n<h3 class=\"im_title im_editable im_block\">Piracy<\/h3>\r\nTechnology makes it easier to create and sell intellectual property, but it also makes it easier to steal it. Because digital products can be downloaded and copied almost instantly over the Internet, it\u2019s a simple task to make perfect replicas of your favorite copyright-protected songs, movies, TV shows, and computer software, whether for personal use or further distribution. When you steal such materials, you\u2019re cheating the countless musicians, technicians, actors, programmers, and others involved in creating and selling them. Theft cuts into sales and shrinks corporate profits, often by staggering amounts. Entertainment-industry analysts estimate that $30 billion worth of songs were illegally downloaded in the five-year period ending in 2009. 
The software industry estimates that the global market for pirated software reached $59 billion in 2010.<span id=\"collins-5300-20111128-145147-445442\" class=\"im_footnote\"><\/span>\r\n\r\nSo, what\u2019s being done to protect the victimized companies? Actually, quite a lot, even though it\u2019s a daunting task, both in the United States and abroad. <span id=\"collins-5300-20111128-145212-465858\" class=\"im_footnote\"><\/span>In 1998, Congress passed the Digital Millennium Copyright Act, which outlaws the copying of copyright-protected music (unless you\u2019re copying legally acquired music for your own use). The penalties are fairly stiff: up to three years in prison and $250,000 in fines. To show that it means business, the music industry is also hauling offenders into court, but legal action is costly and prosecuting teenage music lovers doesn\u2019t accomplish much. Some observers believe that the best solution is for the industry to accelerate its own efforts to offer its products online. Initial attempts seem to be working: people who are willing to obey copyright laws have downloaded more than ten billion songs from the iTunes site alone.<span id=\"collins-5300-20111128-145212-465969\" class=\"im_footnote\"><\/span>\r\n<div id=\"collins-ch15_s06_s02_s02_s01\" class=\"im_section\">\r\n<h3 class=\"im_title im_editable im_block\">Firewalls<\/h3>\r\nBuilders install firewalls (or fireproof walls) in structures to keep a fire that starts in one part of a building from entering another part. Companies do something similar to protect their computer systems from outside intruders: they install virtual firewalls\u2014software and hardware systems that prevent unauthorized users from accessing their computer networks.\r\n\r\nYou can think of the firewall as a gatekeeper that stands at the entry point of the company\u2019s network and monitors incoming and outgoing traffic. 
The firewall system inspects and screens all incoming messages to prevent unwanted intruders from entering the system and causing damage. It also regulates outgoing traffic to prevent employees from inappropriately sending out confidential data that shouldn\u2019t leave the organization.\r\n\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n<div id=\"collins-ch15_s06_s03\" class=\"im_section\">\r\n<h3 class=\"im_title im_editable im_block\">Risks to Customers<\/h3>\r\nMany people still regard the Internet as an unsafe place to do business. They worry about the security of credit-card information and passwords and the confidentiality of personal data. Are any of these concerns valid? Are you really running risks when you shop electronically? If so, what\u2019s being done to make the Internet a safer place to conduct transactions? Let\u2019s look a little more closely at the sort of things that tend to bother some Internet users (or, as the case may be, nonusers), as well as some of the steps that companies are taking to convince people that e-commerce is safe.\r\n<div id=\"collins-ch15_s06_s03_s01\" class=\"im_section\">\r\n<h3 class=\"im_title im_editable im_block\">Credit-Card Theft<\/h3>\r\nOne of the more serious barriers to the growth of e-commerce is the perception of many people that credit-card numbers can be stolen when they\u2019re given out over the Internet. Though virtually every company takes considerable precautions, they\u2019re not entirely wrong. Cyber criminals, unfortunately, seem to be tirelessly creative. One popular scheme involves setting up a fraudulent Internet business operation to collect credit-card information. The bogus company will take orders to deliver goods\u2014say, Mother\u2019s Day flowers\u2014but when the day arrives, it will have disappeared from cyberspace. 
No flowers will get delivered, but even worse, the perpetrator can sell or use all the collected credit-card information.\r\n\r\n<\/div>\r\n<div id=\"collins-ch15_s06_s03_s02\" class=\"im_section\">\r\n<h3 class=\"im_title im_editable im_block\">Password Theft<\/h3>\r\nMany people also fear that Internet passwords\u2014which can be valuable information to cyber criminals\u2014are vulnerable to theft. Again, they\u2019re not altogether wrong. There are schemes dedicated entirely to stealing passwords. In one, the cyber thief sets up a Web site that you can access only if you register, provide an e-mail address, and select a password. The cyber criminal is betting that the site will attract a certain percentage of people who use the same password for just about everything\u2014ATM accounts, e-mail, employer networks. Having finagled a password, the thief can try accessing other accounts belonging to the victim. So, one day you have a nice cushion in your checking account, and the next you\u2019re dead broke.\r\n\r\n<\/div>\r\n<div id=\"collins-ch15_s06_s03_s03\" class=\"im_section\">\r\n<h3 class=\"im_title im_editable im_block\">Invasion of Privacy<\/h3>\r\nIf you apply for a life-insurance policy online, you may be asked to supply information about your health. If you apply for a mortgage online, you may be asked questions about your personal finances. Some people shy away from Internet transactions because they\u2019re afraid that such personal information can be stolen or shared with unauthorized parties. 
Once again, they\u2019re right: it does happen.\r\n<div id=\"collins-ch15_s06_s03_s03_s01\" class=\"im_section\">\r\n<h2 class=\"im_title im_editable im_block\">How Do \u201cCookies\u201d Work?<\/h2>\r\nIn addition to data that you supply willingly, information about you can be gathered online without your knowledge or consent<span id=\"fwk-collins-fn15_034\" class=\"im_footnote\">.<\/span> Your online activities, for example, can be captured by something called a <em class=\"im_emphasis\">cookie<\/em>. The process is illustrated below in Figure 1, \"How Cookies Work.\" When you access a certain Web site, it sends back a unique piece of information to your browser, which proceeds to save it on your hard drive. When you go back to the same site, your browser returns the information, telling the site who you are and confirming that you\u2019ve been there before. The problem is not that the cookie can identify you in the same way as a name or an address. It is, however, linked to other information about you\u2014such as the goods you\u2019ve bought or the services you\u2019ve ordered online. Before long, someone will have compiled a profile of your buying habits. The result? You\u2019ll soon be bombarded with advertisements targeted to your interests. For example, let\u2019s suppose you check out the Web site for an online diet program. You furnish some information but decide that the program is not for you. The next time you log on, you may be greeted by a pop-up pushing the latest miracle diet.\r\n\r\n[caption id=\"attachment_11367\" align=\"aligncenter\" width=\"1583\"]<img class=\"size-full wp-image-11367\" src=\"https:\/\/s3-us-west-2.amazonaws.com\/courses-images\/wp-content\/uploads\/sites\/143\/2018\/05\/10160957\/e78d14c2bcab42cc1ff79e651b63d462.jpg\" alt=\"You get on the web and request information from a website. When the website server replies, it sends a cookie, which your computer puts on your hard drive. 
When you get online to return to the website, your computer sends the cookie back, where the website server identifies you and records data that can be shared with other online sellers.\" width=\"1583\" height=\"782\" \/> Figure 1. How Cookies Work[\/caption]\r\n\r\n<div id=\"collins-ch15_s06_s03_s03_s01_f01\" class=\"im_figure im_full im_editable im_block\">\r\n\r\nCookies aren\u2019t the only form of online espionage. Your own computer, for example, monitors your Internet activities and keeps track of the URLs that you access.\r\n\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n<div id=\"collins-ch15_s06_s04\" class=\"im_section\">\r\n<h2 class=\"im_title im_editable im_block\">Shoring up Security and Building Trust<\/h2>\r\nSo, what can companies do to ease concerns about the safety of Internet transactions? First, businesses must implement internal controls for ensuring adequate security and privacy. Then, they must reassure customers that they\u2019re competent to safeguard credit-card numbers, passwords, and other personal information. Among the most common controls and assurance techniques, let\u2019s look at <em class=\"im_emphasis\">encryption<\/em> and <em class=\"im_emphasis\">seals of assurance<\/em>.\r\n<div id=\"collins-ch15_s06_s04_s01\" class=\"im_section\">\r\n<h3 class=\"im_title im_editable im_block\">Encryption<\/h3>\r\nThe most effective method of ensuring that sensitive computer-stored information can\u2019t be accessed or altered by unauthorized parties is <span class=\"im_margin_term\"><span class=\"im_glossterm\">encryption<\/span><\/span>\u2014the process of encoding data so that only individuals (or computers) armed with a secret code (or key) can decode it. Here\u2019s a simplified example: You want to send a note to a friend on the other side of the classroom, but you don\u2019t want anyone else to know what it says. 
You and your friend could devise a code in which you substitute each letter in the message with the letter that\u2019s two places after it in the alphabet. So you write A as C and B as D and so on. Your friend can decode the message, but it\u2019ll look like nonsense to anyone else. This is an oversimplification of the process. In the real world, it\u2019s much more complicated: data are scrambled using a complex code, the key for unlocking it is an algorithm, and you need certain computer hardware to perform the encryption\/decryption process.\r\n<div id=\"collins-ch15_s06_s04_s01_s01\" class=\"im_section\">\r\n<h3 class=\"im_title im_editable im_block\">Certificate Authorities<\/h3>\r\nThe most commonly used encryption system for transmitting data over the Internet is called <em class=\"im_emphasis\">secure sockets layer<\/em> (SSL). You can tell whether a Web site uses SSL if its URL begins with <em class=\"im_emphasis\">https<\/em> instead of <em class=\"im_emphasis\">http<\/em>. SSL also provides another important security measure: when you connect to a site that uses SSL (for example, your bank\u2019s site), your browser will ask the site to authenticate itself\u2014prove that it is who it says it is. 
You can be confident that the response is correct if it\u2019s verified by a <span class=\"im_margin_term\"><span class=\"im_glossterm\">certificate authority<\/span><\/span>\u2014a third party (such as VeriSign) that verifies the identity of the responding computer and sends you a digital certificate of authenticity stating that it trusts the site.\r\n<div id=\"collins-ch15_s06_s04_s01_s01_n01\" class=\"im_key_takeaways im_editable im_block\">\r\n<div class=\"keytakeaways\">\r\n<h3>KEY TAKEAWAYS<\/h3>\r\n<ul id=\"collins-ch15_s06_s04_s01_s01_l01\" class=\"im_itemizedlist\">\r\n \t<li>Though a source of vast opportunities, <strong class=\"im_emphasis im_bold\">e-commerce<\/strong>\u2014conducting business over the Internet\u2014also presents some unprecedented challenges, particularly in the area of security.\r\n<ul>\r\n \t<li><em class=\"im_emphasis\">Malicious programs<\/em>, such as viruses and worms, can wreak havoc with computer systems.<\/li>\r\n \t<li>Unauthorized parties may gain access to restricted company Web sites in order to steal funds or goods.<\/li>\r\n \t<li><strong class=\"im_emphasis im_bold\">Firewalls<\/strong>\u2014software and hardware systems that prevent unauthorized users from accessing computer networks\u2014help to reduce the risks of doing business online.<\/li>\r\n<\/ul>\r\n<\/li>\r\n \t<li>Companies that do business online are also vulnerable to illegal activities.\r\n<ul>\r\n \t<li>A <em class=\"im_emphasis\">denial-of-service attack<\/em>, for example, prevents a Web server from servicing authorized users; the culprit demands a ransom to stop the attack.<\/li>\r\n \t<li>Companies that use the Internet to create and sell intellectual property (such as songs, movies, and software) face the problem of <em class=\"im_emphasis\">piracy<\/em>.<\/li>\r\n \t<li>The theft of digital products, which can be downloaded and copied almost instantly over the Internet, not only cheats the individuals and organizations that create them, but also 
reduces sales and shrinks corporate profits.<\/li>\r\n<\/ul>\r\n<\/li>\r\n \t<li>Finally, online businesses must convince consumers that it\u2019s safe to buy things over the Internet\u2014that credit-card numbers, passwords, and other personal information are protected from theft.<\/li>\r\n \t<li>One effective method for protecting computer-stored information is <strong class=\"im_emphasis im_bold\">encryption<\/strong>\u2014the process of encoding data so that only individuals (or computers) armed with a secret code (or key) can decode it.\r\n<ul>\r\n \t<li>A commonly used encryption scheme is a <em class=\"im_emphasis\">secure sockets layer<\/em> (SSL), which directs the user\u2019s browser to ask a site to authenticate itself.<\/li>\r\n \t<li>Often, the user receives a digital certificate of authenticity, verifying that a third-party security provider called a <strong class=\"im_emphasis im_bold\">certificate authority<\/strong> has identified a computer.<\/li>\r\n<\/ul>\r\n<\/li>\r\n<\/ul>\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n<\/div>\r\n<\/div>","rendered":"<div id=\"collins-ch15_s06_n01\" class=\"im_learning_objectives im_editable im_block\">\n<h2 class=\"im_title\">Security Issues in Electronic Communication<\/h2>\n<p class=\"im_title\">E-commerce has presented businesses with opportunities undreamt of only a couple of decades ago. But it also has introduced some unprecedented challenges.<\/p>\n<p><iframe loading=\"lazy\" id=\"oembed-1\" title=\"Home Depot Security Breach\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/MHy8gKEmE48?feature=oembed&#38;rel=0\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<p>For one thing, companies must now earmark more than 5 percent of their annual IT budgets for protecting themselves against disrupted operations and theft due to computer crime and sabotage. 
The costs resulting from cyber crimes\u2014criminal activity done using computers or the Internet\u2014are substantial and increasing at an alarming rate. A 2010 study of forty-five large U.S. companies revealed that the median cost of cybercrime for the companies in the study was $3.8 million a year.<span id=\"fwk-collins-fn15_046\" class=\"im_footnote\"><\/span> And some cybercrimes involve viruses that can spread rapidly from computer to computer creating enormous damage. It\u2019s estimated, for example, that damage to 50,000 personal computers and corporate networks from the so-called Blaster worm in August 2003 totaled $2 billion, including $1.2 billion paid by Microsoft to correct the problem.<span id=\"collins-5300-20111128-144859-666250\" class=\"im_footnote\"><\/span> The battle against technology crime is near the top of the FBI\u2019s list of priorities, behind only the war against terrorism and espionage.<span id=\"collins-5300-20111128-144859-666280\" class=\"im_footnote\"><\/span> In addition to protecting their own operations from computer crime, companies engaged in e-commerce must clear another hurdle: they must convince consumers that it\u2019s safe to buy things over the Internet\u2014that credit-card numbers, passwords, and other personal information are protected from theft or misuse. In this section, we\u2019ll explore some of these challenges and describe a number of the efforts being made to meet them.<\/p>\n<\/div>\n<div id=\"collins-ch15_s06_s01\" class=\"im_section\">\n<h3 class=\"im_title im_editable im_block\">Data Security<\/h3>\n<p>In some ways, life was simpler for businesspeople before computers. Records were produced by hand and stored on paper. As long as you were careful to limit access to your records (and remembered to keep especially valuable documents in a safe), you faced little risk of someone altering or destroying your records. In some ways, storing and transmitting data electronically is a little riskier. 
Let\u2019s look at two data-security risks associated with electronic communication: <em class=\"im_emphasis\">malicious programs<\/em> and <em class=\"im_emphasis\">spoofing<\/em>.<\/p>\n<div id=\"collins-ch15_s06_s01_s01\" class=\"im_section\">\n<h3 class=\"im_title im_editable im_block\">Malicious Programs<\/h3>\n<p>Some people get a kick out of wreaking havoc with computer systems by spreading a variety of destructive programs. Once they\u2019re discovered, they can be combated with antivirus programs that are installed on most computers and that can be updated daily. In the meantime, unfortunately, they can do a lot of damage, bringing down computers or entire networks by corrupting operating systems or databases.<\/p>\n<div id=\"collins-ch15_s06_s01_s01_s01\" class=\"im_section\">\n<h3 class=\"im_title im_editable im_block\">Viruses, Worms, and Trojan Horses<\/h3>\n<p>The cyber vandal\u2019s repertory includes \u201cviruses,\u201d \u201cworms,\u201d and \u201cTrojan horses.\u201d Viruses and worms are particularly dangerous because they can copy themselves over and over again, eventually using up all available memory and closing down the system. Trojan horses are viruses that enter your computer by posing as some type of application. Some sneak in by pretending to be virus-scanning programs designed to rid your computer of viruses. Once inside, they do just the opposite.<\/p>\n<\/div>\n<\/div>\n<div id=\"collins-ch15_s06_s01_s02\" class=\"im_section\">\n<h3 class=\"im_title im_editable im_block\">Spoofing<\/h3>\n<p>It\u2019s also possible for unauthorized parties to gain access to restricted company Web sites\u2014usually for the purpose of doing something illegal. Using a technique called \u201cspoofing,\u201d culprits disguise their identities by modifying the address of the computer from which the scheme has been launched. Typically, the point is to make it look as if an incoming message has originated from an authorized source. 
Then, once the site\u2019s been accessed, the perpetrator can commit fraud, spy, or destroy data. You could, for example, spoof a manufacturing firm with a false sales order that seems to have come from a legitimate customer. If the spoof goes undetected, the manufacturer will incur the costs of producing and delivering products that were never ordered (and will certainly never be paid for).<\/p>\n<p>Every day, technically savvy thieves (and dishonest employees) steal large sums of money from companies by means of spoofing or some other computer scheme. It\u2019s difficult to estimate the dollar amount because many companies don\u2019t even know how much they\u2019ve lost.<\/p>\n<\/div>\n<\/div>\n<div id=\"collins-ch15_s06_s02\" class=\"im_section\">\n<h3 class=\"im_title im_editable im_block\">Revenue Theft<\/h3>\n<p>In addition to the problems of data security faced by every company that stores and transmits information electronically, companies that sell goods or provide services online are also vulnerable to activities that threaten their revenue sources. Two of the most important forms of computer crime are <em class=\"im_emphasis\">denial of service<\/em> and <em class=\"im_emphasis\">piracy<\/em>.<\/p>\n<div id=\"collins-ch15_s06_s02_s01\" class=\"im_section\">\n<h3 class=\"im_title im_editable im_block\">Denial of Service<\/h3>\n<p>A denial-of-service attack does exactly what the term suggests: it prevents a Web server from servicing authorized users. Consider the following scenario. Dozens of computers are whirring away at an online bookmaker in the offshore gambling haven of Costa Rica. Suddenly a mass of blank incoming messages floods the company\u2019s computers, slowing operations to a trickle. No legitimate customers can get through to place their bets. 
A few hours later, the owner gets an e-mail that reads, \u201cIf you want your computers to stay up and running through the football season, wire $40,000 to each of 10 numbered bank accounts in Eastern Europe.\u201d<\/p>\n<p>You\u2019re probably thinking that our choice of online gambling as an example of this scheme is a little odd, but we chose it because it\u2019s real: many companies in the online-gambling industry suffer hundreds of such attacks each year. Because most gambling operations opt to pay the ransom and get back to business as usual, denial of service to businesses in the industry has become a very lucrative enterprise.<\/p>\n<p>Online gambling operations are good targets because they\u2019re illegal in the United States, where they can\u2019t get any help from law-enforcement authorities. But extortionists have been known to hit other targets, including Microsoft and the Recording Industry Association of America. The problem could become much more serious if they start going after e-commerce companies and others that depend on incoming orders to stay afloat.<\/p>\n<\/div>\n<div id=\"collins-ch15_s06_s02_s02\" class=\"im_section\">\n<h3 class=\"im_title im_editable im_block\">Piracy<\/h3>\n<p>Technology makes it easier to create and sell intellectual property, but it also makes it easier to steal it. Because digital products can be downloaded and copied almost instantly over the Internet, it\u2019s a simple task to make perfect replicas of your favorite copyright-protected songs, movies, TV shows, and computer software, whether for personal use or further distribution. When you steal such materials, you\u2019re cheating the countless musicians, technicians, actors, programmers, and others involved in creating and selling them. Theft cuts into sales and shrinks corporate profits, often by staggering amounts. Entertainment-industry analysts estimate that $30 billion worth of songs were illegally downloaded in the five-year period ending in 2009. 
The software industry estimates that the global market for pirated software reached $59 billion in 2010.<span id=\"collins-5300-20111128-145147-445442\" class=\"im_footnote\"><\/span><\/p>\n<p>So, what\u2019s being done to protect the victimized companies? Actually, quite a lot, even though it\u2019s a daunting task, both in the United States and abroad. <span id=\"collins-5300-20111128-145212-465858\" class=\"im_footnote\"><\/span>In 1998, Congress passed the Digital Millennium Copyright Act, which outlaws the copying of copyright-protected music (unless you\u2019re copying legally acquired music for your own use). The penalties are fairly stiff: up to three years in prison and $250,000 in fines. To show that it means business, the music industry is also hauling offenders into court, but legal action is costly and prosecuting teenage music lovers doesn\u2019t accomplish much. Some observers believe that the best solution is for the industry to accelerate its own efforts to offer its products online. Initial attempts seem to be working: people who are willing to obey copyright laws have downloaded more than ten billion songs from the iTunes site alone.<span id=\"collins-5300-20111128-145212-465969\" class=\"im_footnote\"><\/span><\/p>\n<div id=\"collins-ch15_s06_s02_s02_s01\" class=\"im_section\">\n<h3 class=\"im_title im_editable im_block\">Firewalls<\/h3>\n<p>Builders install firewalls (or fireproof walls) in structures to keep a fire that starts in one part of a building from entering another part. Companies do something similar to protect their computer systems from outside intruders: they install virtual firewalls\u2014software and hardware systems that prevent unauthorized users from accessing their computer networks.<\/p>\n<p>You can think of the firewall as a gatekeeper that stands at the entry point of the company\u2019s network and monitors incoming and outgoing traffic. 
The firewall system inspects and screens all incoming messages to prevent unwanted intruders from entering the system and causing damage. It also regulates outgoing traffic to prevent employees from inappropriately sending out confidential data that shouldn\u2019t leave the organization.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<div id=\"collins-ch15_s06_s03\" class=\"im_section\">\n<h3 class=\"im_title im_editable im_block\">Risks to Customers<\/h3>\n<p>Many people still regard the Internet as an unsafe place to do business. They worry about the security of credit-card information and passwords and the confidentiality of personal data. Are any of these concerns valid? Are you really running risks when you shop electronically? If so, what\u2019s being done to make the Internet a safer place to conduct transactions? Let\u2019s look a little more closely at the sort of things that tend to bother some Internet users (or, as the case may be, nonusers), as well as some of the steps that companies are taking to convince people that e-commerce is safe.<\/p>\n<div id=\"collins-ch15_s06_s03_s01\" class=\"im_section\">\n<h3 class=\"im_title im_editable im_block\">Credit-Card Theft<\/h3>\n<p>One of the more serious barriers to the growth of e-commerce is the perception of many people that credit-card numbers can be stolen when they\u2019re given out over the Internet. Though virtually every company takes considerable precautions, they\u2019re not entirely wrong. Cyber criminals, unfortunately, seem to be tirelessly creative. One popular scheme involves setting up a fraudulent Internet business operation to collect credit-card information. The bogus company will take orders to deliver goods\u2014say, Mother\u2019s Day flowers\u2014but when the day arrives, it will have disappeared from cyberspace. 
No flowers will get delivered, but even worse, the perpetrator can sell or use all the collected credit-card information.<\/p>\n<\/div>\n<div id=\"collins-ch15_s06_s03_s02\" class=\"im_section\">\n<h3 class=\"im_title im_editable im_block\">Password Theft<\/h3>\n<p>Many people also fear that Internet passwords\u2014which can be valuable information to cyber criminals\u2014are vulnerable to theft. Again, they\u2019re not altogether wrong. There are schemes dedicated entirely to stealing passwords. In one, the cyber thief sets up a Web site that you can access only if you register, provide an e-mail address, and select a password. The cyber criminal is betting that the site will attract a certain percentage of people who use the same password for just about everything\u2014ATM accounts, e-mail, employer networks. Having finagled a password, the thief can try accessing other accounts belonging to the victim. So, one day you have a nice cushion in your checking account, and the next you\u2019re dead broke.<\/p>\n<\/div>\n<div id=\"collins-ch15_s06_s03_s03\" class=\"im_section\">\n<h3 class=\"im_title im_editable im_block\">Invasion of Privacy<\/h3>\n<p>If you apply for a life-insurance policy online, you may be asked to supply information about your health. If you apply for a mortgage online, you may be asked questions about your personal finances. Some people shy away from Internet transactions because they\u2019re afraid that such personal information can be stolen or shared with unauthorized parties. 
Once again, they\u2019re right: it does happen.<\/p>\n<div id=\"collins-ch15_s06_s03_s03_s01\" class=\"im_section\">\n<h2 class=\"im_title im_editable im_block\">How Do \u201cCookies\u201d Work?<\/h2>\n<p>In addition to data that you supply willingly, information about you can be gathered online without your knowledge or consent<span id=\"fwk-collins-fn15_034\" class=\"im_footnote\">.<\/span> Your online activities, for example, can be captured by something called a <em class=\"im_emphasis\">cookie<\/em>. The process is illustrated below in Figure 1, &#8220;How Cookies Work.&#8221; When you access a certain Web site, it sends back a unique piece of information to your browser, which proceeds to save it on your hard drive. When you go back to the same site, your browser returns the information, telling the site who you are and confirming that you\u2019ve been there before. The problem is not that the cookie can identify you in the same way as a name or an address. It is, however, linked to other information about you\u2014such as the goods you\u2019ve bought or the services you\u2019ve ordered online. Before long, someone will have compiled a profile of your buying habits. The result? You\u2019ll soon be bombarded with advertisements targeted to your interests. For example, let\u2019s suppose you check out the Web site for an online diet program. You furnish some information but decide that the program is not for you. The next time you log on, you may be greeted by a pop-up pushing the latest miracle diet.<\/p>\n<div id=\"attachment_11367\" style=\"width: 1593px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-11367\" class=\"size-full wp-image-11367\" src=\"https:\/\/s3-us-west-2.amazonaws.com\/courses-images\/wp-content\/uploads\/sites\/143\/2018\/05\/10160957\/e78d14c2bcab42cc1ff79e651b63d462.jpg\" alt=\"You get on the web and request information from a website. 
When the website server replies, it sends a cookie, which your computer puts on your hard drive. When you get online to return to the website, your computer sends the cookie back, where the website server identifies you and records data that can be shared with other online sellers.\" width=\"1583\" height=\"782\" \/><\/p>\n<p id=\"caption-attachment-11367\" class=\"wp-caption-text\">Figure 1. How Cookies Work<\/p>\n<\/div>\n<div id=\"collins-ch15_s06_s03_s03_s01_f01\" class=\"im_figure im_full im_editable im_block\">\n<p>Cookies aren\u2019t the only form of online espionage. Your own computer, for example, monitors your Internet activities and keeps track of the URLs that you access.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div id=\"collins-ch15_s06_s04\" class=\"im_section\">\n<h2 class=\"im_title im_editable im_block\">Shoring up Security and Building Trust<\/h2>\n<p>So, what can companies do to ease concerns about the safety of Internet transactions? First, businesses must implement internal controls for ensuring adequate security and privacy. Then, they must reassure customers that they\u2019re competent to safeguard credit-card numbers, passwords, and other personal information. Among the most common controls and assurance techniques, let\u2019s look at <em class=\"im_emphasis\">encryption<\/em> and <em class=\"im_emphasis\">seals of assurance<\/em>.<\/p>\n<div id=\"collins-ch15_s06_s04_s01\" class=\"im_section\">\n<h3 class=\"im_title im_editable im_block\">Encryption<\/h3>\n<p>The most effective method of ensuring that sensitive computer-stored information can\u2019t be accessed or altered by unauthorized parties is <span class=\"im_margin_term\"><span class=\"im_glossterm\">encryption<\/span><\/span>\u2014the process of encoding data so that only individuals (or computers) armed with a secret code (or key) can decode it. 
Here\u2019s a simplified example: You want to send a note to a friend on the other side of the classroom, but you don\u2019t want anyone else to know what it says. You and your friend could devise a code in which you substitute each letter in the message with the letter that\u2019s two places after it in the alphabet. So you write A as C and B as D and so on. Your friend can decode the message, but it\u2019ll look like nonsense to anyone else. This is an oversimplification of the process. In the real world, it\u2019s much more complicated: data are scrambled using a complex code, the key for unlocking it is an algorithm, and you need certain computer hardware to perform the encryption\/decryption process.<\/p>\n<div id=\"collins-ch15_s06_s04_s01_s01\" class=\"im_section\">\n<h3 class=\"im_title im_editable im_block\">Certificate Authorities<\/h3>\n<p>The most commonly used encryption system for transmitting data over the Internet is called <em class=\"im_emphasis\">secure sockets layer<\/em> (SSL). You can tell whether a Web site uses SSL if its URL begins with <em class=\"im_emphasis\">https<\/em> instead of <em class=\"im_emphasis\">http<\/em>. SSL also provides another important security measure: when you connect to a site that uses SSL (for example, your bank\u2019s site), your browser will ask the site to authenticate itself\u2014prove that it is who it says it is. 
You can be confident that the response is correct if it\u2019s verified by a <span class=\"im_margin_term\"><span class=\"im_glossterm\">certificate authority<\/span><\/span>\u2014a third party (such as VeriSign) that verifies the identity of the responding computer and sends you a digital certificate of authenticity stating that it trusts the site.<\/p>\n<div id=\"collins-ch15_s06_s04_s01_s01_n01\" class=\"im_key_takeaways im_editable im_block\">\n<div class=\"keytakeaways\">\n<h3>KEY TAKEAWAYS<\/h3>\n<ul id=\"collins-ch15_s06_s04_s01_s01_l01\" class=\"im_itemizedlist\">\n<li>Though a source of vast opportunities, <strong class=\"im_emphasis im_bold\">e-commerce<\/strong>\u2014conducting business over the Internet\u2014also presents some unprecedented challenges, particularly in the area of security.\n<ul>\n<li><em class=\"im_emphasis\">Malicious programs<\/em>, such as viruses and worms, can wreak havoc with computer systems.<\/li>\n<li>Unauthorized parties may gain access to restricted company Web sites in order to steal funds or goods.<\/li>\n<li><strong class=\"im_emphasis im_bold\">Firewalls<\/strong>\u2014software and hardware systems that prevent unauthorized users from accessing computer networks\u2014help to reduce the risks of doing business online.<\/li>\n<\/ul>\n<\/li>\n<li>Companies that do business online are also vulnerable to illegal activities.\n<ul>\n<li>A <em class=\"im_emphasis\">denial-of-service attack<\/em>, for example, prevents a Web server from servicing authorized users; the culprit demands a ransom to stop the attack.<\/li>\n<li>Companies that use the Internet to create and sell intellectual property (such as songs, movies, and software) face the problem of <em class=\"im_emphasis\">piracy<\/em>.<\/li>\n<li>The theft of digital products, which can be downloaded and copied almost instantly over the Internet, not only cheats the individuals and organizations that create them, but also reduces sales and shrinks corporate 
profits.<\/li>\n<\/ul>\n<\/li>\n<li>Finally, online businesses must convince consumers that it\u2019s safe to buy things over the Internet\u2014that credit-card numbers, passwords, and other personal information are protected from theft.<\/li>\n<li>One effective method for protecting computer-stored information is <strong class=\"im_emphasis im_bold\">encryption<\/strong>\u2014the process of encoding data so that only individuals (or computers) armed with a secret code (or key) can decode it.\n<ul>\n<li>A commonly used encryption scheme is a <em class=\"im_emphasis\">secure sockets layer<\/em> (SSL), which directs the user\u2019s browser to ask a site to authenticate itself.<\/li>\n<li>Often, the user receives a digital certificate of authenticity, verifying that a third-party security provider called a <strong class=\"im_emphasis im_bold\">certificate authority<\/strong> has identified a computer.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\t\t\t <section class=\"citations-section\" role=\"contentinfo\">\n\t\t\t <h3>Candela Citations<\/h3>\n\t\t\t\t\t <div>\n\t\t\t\t\t\t <div id=\"citation-list-11264\">\n\t\t\t\t\t\t\t <div class=\"licensing\"><div class=\"license-attribution-dropdown-subheading\">CC licensed content, Shared previously<\/div><ul class=\"citation-list\"><li>An Introduction to Business. <strong>Authored by<\/strong>: Anonymous. <strong>Provided by<\/strong>: Anonymous. <strong>Located at<\/strong>: <a target=\"_blank\" href=\"http:\/\/2012books.lardbucket.org\/books\/an-introduction-to-business-v2.0\/s19-06-security-issues-in-electronic-.html\">http:\/\/2012books.lardbucket.org\/books\/an-introduction-to-business-v2.0\/s19-06-security-issues-in-electronic-.html<\/a>. <strong>License<\/strong>: <em><a target=\"_blank\" rel=\"license\" href=\"https:\/\/creativecommons.org\/licenses\/by-nc-sa\/4.0\/\">CC BY-NC-SA: Attribution-NonCommercial-ShareAlike<\/a><\/em><\/li><li>Revision and adaptation. 
<strong>Authored by<\/strong>: Anonymous. <strong>Provided by<\/strong>: Anonymous. <strong>License<\/strong>: <em><a target=\"_blank\" rel=\"license\" href=\"https:\/\/creativecommons.org\/licenses\/by-nc-sa\/4.0\/\">CC BY-NC-SA: Attribution-NonCommercial-ShareAlike<\/a><\/em><\/li><li>Home Depot Security Breach. <strong>Provided by<\/strong>: BBC. <strong>Located at<\/strong>: <a target=\"_blank\" href=\"https:\/\/youtu.be\/MHy8gKEmE48\">https:\/\/youtu.be\/MHy8gKEmE48<\/a>. <strong>License<\/strong>: <em><a target=\"_blank\" rel=\"license\" href=\"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/\">CC BY-NC-ND: Attribution-NonCommercial-NoDerivatives <\/a><\/em><\/li><\/ul><\/div>\n\t\t\t\t\t\t <\/div>\n\t\t\t\t\t <\/div>\n\t\t\t <\/section>","protected":false},"author":163,"menu_order":11,"template":"","meta":{"_candela_citation":"[{\"type\":\"cc\",\"description\":\"An Introduction to Business\",\"author\":\"Anonymous\",\"organization\":\"Anonymous\",\"url\":\"http:\/\/2012books.lardbucket.org\/books\/an-introduction-to-business-v2.0\/s19-06-security-issues-in-electronic-.html\",\"project\":\"\",\"license\":\"cc-by-nc-sa\",\"license_terms\":\"\"},{\"type\":\"cc\",\"description\":\"Revision and adaptation\",\"author\":\"Anonymous\",\"organization\":\"Anonymous\",\"url\":\"\",\"project\":\"\",\"license\":\"cc-by-nc-sa\",\"license_terms\":\"\"},{\"type\":\"cc\",\"description\":\"Home Depot Security 
Breach\",\"author\":\"\",\"organization\":\"BBC\",\"url\":\"https:\/\/youtu.be\/MHy8gKEmE48\",\"project\":\"\",\"license\":\"cc-by-nc-nd\",\"license_terms\":\"\"}]","CANDELA_OUTCOMES_GUID":"bfcece62-c6b4-41f6-a2d9-b818b4acddb5","pb_show_title":"on","pb_short_title":"","pb_subtitle":"","pb_authors":[],"pb_section_license":""},"chapter-type":[],"contributor":[],"license":[],"class_list":["post-11264","chapter","type-chapter","status-publish","hentry"],"part":11240,"_links":{"self":[{"href":"https:\/\/courses.lumenlearning.com\/wmintrobusiness\/wp-json\/pressbooks\/v2\/chapters\/11264","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/courses.lumenlearning.com\/wmintrobusiness\/wp-json\/pressbooks\/v2\/chapters"}],"about":[{"href":"https:\/\/courses.lumenlearning.com\/wmintrobusiness\/wp-json\/wp\/v2\/types\/chapter"}],"author":[{"embeddable":true,"href":"https:\/\/courses.lumenlearning.com\/wmintrobusiness\/wp-json\/wp\/v2\/users\/163"}],"version-history":[{"count":2,"href":"https:\/\/courses.lumenlearning.com\/wmintrobusiness\/wp-json\/pressbooks\/v2\/chapters\/11264\/revisions"}],"predecessor-version":[{"id":11368,"href":"https:\/\/courses.lumenlearning.com\/wmintrobusiness\/wp-json\/pressbooks\/v2\/chapters\/11264\/revisions\/11368"}],"part":[{"href":"https:\/\/courses.lumenlearning.com\/wmintrobusiness\/wp-json\/pressbooks\/v2\/parts\/11240"}],"metadata":[{"href":"https:\/\/courses.lumenlearning.com\/wmintrobusiness\/wp-json\/pressbooks\/v2\/chapters\/11264\/metadata\/"}],"wp:attachment":[{"href":"https:\/\/courses.lumenlearning.com\/wmintrobusiness\/wp-json\/wp\/v2\/media?parent=11264"}],"wp:term":[{"taxonomy":"chapter-type","embeddable":true,"href":"https:\/\/courses.lumenlearning.com\/wmintrobusiness\/wp-json\/pressbooks\/v2\/chapter-type?post=11264"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/courses.lumenlearning.com\/wmintrobusiness\/wp-json\/wp\/v2\/contributor?post=11264"},{"taxonomy":"license","embeddable":true,"href":"
https:\/\/courses.lumenlearning.com\/wmintrobusiness\/wp-json\/wp\/v2\/license?post=11264"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}