An ounce of cyber-prevention

Most employees have become accustomed to having high-speed access to the Internet as part of their normal workday. E-mail has become as essential as the telephone to modern business. But the openness that makes the Internet work is also it Achilles heel. When your network is on-line, it is also open to attack.

A new form of attack has emerged in the last few years known as "malware," or malicious adware. These programs fill a user's screen with unwanted pop-up ads offering everything from cheap mortgages to video rentals. The individuals responsible for these programs collect advertising dollars from companies paying for you to see their ads. Most companies paying for these ads are unaware, or simply do not care about, the unscrupulous vehicle delivering the ads.

E-mail is the leading cause of computer attack, which added to the time it takes a typical user just to delete all the unwanted email or spam is a huge drag on productivity. Recent attacks start when a user receives an email stating that "A friend has sent you an e-greeting card." When users click on the link, a program is installed on their computer, similar to a virus, allowing it to become an "ad server." Depending on the program, the user will receive pop up ads several times a minute regardless if they are currently using an Internet browser. The worst of these attacks can require that the user's hard drive be erased and the complete system reloaded to rid it of the infection.

The dollar cost estimates of these attacks to business range from hundreds of millions to hundreds of billions each year, depending on who sorts the limited data available. Regardless of the number, attacks have continued to grow substantially as more and more business depends on the Internet and e-mail.

When systems go down, productivity suffers. An e-mail-borne virus affecting only half of a 20-user network will cost the business a minimum of $1,900 in cash. Since 10 people will be unable to work, your business will lose an average of $67 for each hour the systems are down in employee salaries alone, factoring that as each system is repaired, the hourly cost goes down. Multiply the $67 by the 15 hours it can take to repair all the infected systems for a total salary loss of $1,005.

Average repair costs for this scenario range between $975 and $1,800, depending on your service company. These are hard costs that cannot be passed along to your customers translating to reduced profitability for your company. Many viruses send a copy of themselves to your contact list, which can result in your company landing on an email blacklist until you take the time-consuming steps to prove that your systems are no longer infected.

Employee training and an Internet use policy are your first line of defense. Users need to understand the difference between legitimate ads and those that sound too good to be true. Never open e-mail attachments you are not expecting and be wary of ads promising unlikely rewards. The criminals that write these programs work tirelessly to keep ahead of the anti-virus software industry, limiting their effectiveness in combating newly created variations of illegitimate programs.

A new breed of network protection devices has emerged to combat this growing problem. "Universal Threat Management Devices" or UTMs inspect every bit of data coming into the network, scanning for viruses, adware, spam, phishing attacks, and malware. Since these devices sit between your users and the Internet, they can prevent the majority of "controllable" issues. Typical cost for a 10 user UTM runs from $750 to $1,500 depending on the type of device and the level of protection desired. A user could still infect the system with a virus contained on a pen drive or floppy disk, although nearly all viruses transmitted by fixed media will be detected by current virus protection software on the desktop.

Business owners and managers who take this threat seriously can eliminate the leading cause of downtime to their computer infrastructure allowing employees to keep their connection to the Internet while protecting the bottom line of the company. For those who don't, it is just a matter of time before business comes to a screeching halt from down systems.

Speak to your computer service provider to find out if your network is adequately protected. Make sure that they understand the threats and are prepared to deliver solutions to protect your business. "An ounce of prevention" has never been more important to making sure your business continues to flourish rather than flounder in the age of the Internet.

Roger Stockton is the chief technology officer and senior systems engineer of Innovative Networks Inc. in Reno. Contact him at 882-4108 or RStockton@InnovativeNetworks.US.