Coatings World - October 2013

Protecting the P&C Industry’s Intellectual Assets

altered, but in every other way, including the serial number, the coating appears to be your brand. You’ve been hacked all up and down the place. Trade secrets, like formulations, know-how, branding, internal codes, employee and customer information, business strategies and other sensitive infor-mation… all compromised. And out there somewhere, there’s a website that looks exactly like yours; a parallel universe where your customers are being directed to purchase what appears to be your goods, but they aren’t. And they aren’t good.

It can’t be that easy, can it? In researching for this article, I did a quick Google search. Wikihow popped up first with “How to Hack a Computer” and there it was, step-by-step instructions for getting past a password, getting remote access to a computer and cracking a WIFI password. Yep, that easy.

Of course, firewalls and anti-virus
programs provide some barriers to entry.

But unknowingly, unwittingly, you can take a voluntary action that subjects you to attack. How many times have you popped that custom-designed USB thumb drive into your lapotop after a meeting or trade show? Or provided your USB key to someone to upload a presentation? When you get it back, it might contain a little extra gift...a piece of malicious code, or malware that when plugged back into your computer causes an execution of the infection. Now your networks are exposed, and you are naked before the hackers.

Or it may happen with an e-mail you receive. Recently, I was in the heat of contract negotiations when I received an e-mail from the other attorney that he wanted me to view a Google document using Google Docs. We had been trading documents back and forth so there was really nothing suspicious about it at first. The e-mail sent me to a “Google” site which requested my Google password. When I pushed “enter” I had second thoughts. Indeed, I should have checked with the attorney, because he had been hacked. This is referred to as “spear phishing.” It happens when one party tries to get access to another’s login information by masquerading as a legitimate contact. It can also happen, for example, in the form of a customer inquiry sent to your sales department. Once your employee clicks on the link or downloads the attachment, a vulnerability in the system, such as a word processor or browser will be exploited, allowing the malware to begin executing on the machine and give the hacker access and control over your system. Sometimes, hackers will target a particular website, What are some practical measures that can be taken to prevent hacking? There are many high security tactics to take, however,

not all businesses have the financial wherewithal to install the most sophisticated security systems throughout their systems. But it’s wise to spend some time identifying and compartmentalizing and providing vi-giliant security measures around your most sensitive information. In all cases, though, prudent businesses should do the following.

1. Perform software and browser updates whenever they are released, and check regularly to make sure none have been missed.

2. Install firewalls and anti-virus programs and keep them updated.

3. Install anti-spyware/ adware. Often overlooked as merely a nuisance, this malware can slow down your computer by placing ads on your browser and pop-ups on your programs. The slowdown can result in vulnerabilities in your system allowing a hacker to get through. Your system information could also be sold to others by the spy-ware intruder for malicious purposes.

4. Never click on suspicious or unknown e-mail links. Don’t believe that it’s ok because it looks legit. You’re just one click away from a virus. Think before you click. And delete suspicious or unknown e-mails from your system.

5. Have separate passwords for all your accounts and divisions. Make them tough and use a password manager. These programs will create and store passwords for you.

6. Use two-step verification for social networking sites. A two-step verification requires that you enter a password, and then a verification code is texted to you before allowing you entry.

7. And of course, don’t send e-mails or do banking business over public networks.

Whatever you do, take measures to lock up your sensitive information. Cyber hackers are just thieves, looking for an easy entry point. You lock your doors at night; lock your cyber valuables as well. With proper security, that hacker will likely move on to some unsuspecting victim. And then maybe you won’t find out the hard way about that condo in Singapore you bought that you will never see. CW