How to Eliminate Spyware to Protect Your Business
Saturday, August 25, 2007; 12:19 AM
IT security experts warn that spyware is rapidly moving from personal computers to business networks connected to the Internet. The National Cyber Security Alliance reports that nearly nine out of every 10 home computers contains spyware. Similarly, Web usage by workers on the job is now giving IT teams security headaches.
Spyware is quickly becoming a high level security problem for businesses large and small. It does more than just steal information about your computing habits. It robs you of system speed and Internet access efficiency. Spyware can introduce threats to companies including data theft, legal liability, reduced employee productivity and public relations nightmares.
Technology and Media Blog
From TiVo to YouTube, iPods to ID theft, The Post's tech staff reports from the crossroads of technology and culture.
• Slowdown for Venture Capital World, But Not Quite a Nuclear Winter--Yet • Local Firms Get Glimpse of NASA • Mixx Reaches The One-Year Mark • Tech Blog: More Posts  Sign Up for RSS Feed Latest Stories From PCWorld.com: •
EMC Blesses Emulex FCoE Adapters • Will the Real Spam King Please Stand Up? • 'Experimental' Security Fix Is Malware, Microsoft Says • Free Wireless Band Passes FCC Tests |
While spyware may seem similar to viruses and worms, it is much different. Spyware tends to propagate differently and is generally more resistant to quick-and-easy removal than most viruses. That is why the best solutions aren't found in antivirus packages, even if they include basic spyware-blocking features. Separate desktop products are available to identify and remove spyware. But managing standalone desktop software across a company can be complex and time-consuming, so these solutions are not always ideal for businesses. Successful defense requires establishing usage policies and management procedures and implementing an automated anti-spyware solution that offers flexibility, low maintenance and centralized controls.
Spyware is a program that is installed, with or without the user's permission, and can monitor computer activity while broadcasting the information back to an outside party that controls the program.
Spyware comes in many shapes and sizes. Some types of spyware are simply an annoyance causing increased spam or unwanted pop-ups, while others can threaten your company's security and increase your liabilities. These pests often lurk silently on your computer until someone or something sets them off. Spyware can do more than steal personal information.
Think of all the confidential and proprietary information that may be contained in your company's computers:
Spyware may reside on PCs inside your organization or on the laptops and home PCs that employees use outside of the office. Keyloggers can monitor passwords and other access information and pass them onto third parties who may compromise company security or cause embarrassment, or worse, by revealing client, customer or employee information. At the very least, it can rob your system of its speed, stability and Internet access efficiency.
Common Pest categories include:
Legal Risks From Spyware
One of the greatest liability risks from computer Pests comes when crooks take advantage of someone else's computer facility to cause harm to others. The law might hold an organization vicariously accountable for the actions or consequences of a malicious person who executes a computer Pest through the organization's information resources.
A computer Pest might be a hacker tool planted by a company's own employee to enable him to hack into other sites. Such hacking exposes the company to significant liability. In May 2000, the operator of a financial website, Wall Street Source, sued a competitor, IPO.com, when one of its employees allegedly used a stolen password to access Wall Street Source's site and alter or falsify information. Wall Street Source sought $800,000 in actual damages and $5 million in punitive damages.
Alternatively, a computer Pest could be a Trojan horse or other malicious software, which would damage a business computer system and prevent it, for example, from serving the company's customers as promised. Even if it did not condone or know about the Pest, an organization hosting it might be liable for negligence for failing to exercise reasonable care not to cause foreseeable injury to someone else.
