Information is very important to a company. It can help to operate a company. It is very dangerous if the company's information be stolen by the information theft. For an example, if the company's product information been stolen by the information theft, he can sell it to their competitor. The competitor will copy it and sell it to the public, it will cause a damage to the company. An information theft is someone who breaks into other computer without authorization. The information theft is becoming increasingly recognized as a crime. It is no limited to an individual any more, now a day they became more professional as they can obtain company information. Phishing is one of the attempts to get someone to reveal their information like account number or security number. Phishing is conducted of the combination of email to lure the victim to visit a bogus website to collect information. The email direct the users to visit a website that they asked to sign up the personal information. However the website is bogus and it set up to steal the user's information only. There are also other techniques for an information theft to obtain company information like snooping, eavesdropping, interception and social engineering.
Snooping is unauthorized access to another company's data. Snooping can include informal observance of an e-mail that appear on another computer screen or watching what someone else is typing. More professional snooping use software program to remotely monitor activity on a network device or computer. Snooping is looking through information hoping to find something important. An information theft will use it try to open files until the information found. Next, eavesdropping is also one of the techniques to obtain the information. Eavesdropping is the unauthorized real time interception of private communication like, phone call, message and fax transmission. Eavesdropping is generally accomplished when file transit from a point to another. An information theft will get into the transmission data. It is possible for an expert information theft to positioning himself at a point which the information passes by. Computer connected to any type network weather local area network or wide area network are vulnerable to eavesdropping. A sniffer is installed on a computer system that is connected to the network. The sniffer then configured to capture all the network traffic. The goal of the eavesdropping is to capture user's ID, password.
Other than that, interception is also one of the techniques. Interception occurs when an information theft directly intercept the information sent. Interception is a difficult operation, it is possible for experienced or professional information theft accomplish only. Software is used that allows the takeover of a session that is in progress. The information theft in the position deciding whether to keep the information or to allow delivery to original destination. Bank account information, salary adjustment of employee can be changed or deleted during the attack. Last, the social engineering. The information theft can gain access to the facility through social engineering. For an example, posing as a legitimate person in an organisation and trick the computer user into giving useful information. By this method, social engineers exploit the natural tendency of a person to trust his or her word, rather than exploiting computer security holes. Every person will secure themselves from a stranger or outsider but it is generally ineffective from preventing a legitimate person from gaining access. Information that is stored in server, desktops, laptops, floppy disk or backup tapes is vulnerable to social engineering attack. An effective deterrent or tracking tool is the installation of access control, where all access to computer is controlled. Proper access control should be in place to deny unauthorized person and unauthorized attempt from gaining access to the computer information.
The information also will be steal by some disgruntled employee, they planning their next move to competitor's company and copy the commercially sensitive material and bring to the competitor. Other than that, some companies also will place a spy to their competitor's company for obtain useful information.
a) How a company can ensure the company information is secured from the information theft
There are a lot of ways to ensure the company information is secured from the information theft. Strong security software is one way to protect the information, strong security software can help to encrypt the information, maintain firewall and protect e-mail account. Remember, it is not enough if just install these hardware and programs, we actually have to use them. For an example, set the anti-virus software to download updates automatically and also program you external hard-drive to automatically back-up the data on a regular basis. Make sure the firewall is always be on, firewall help to block unauthorized access to the computer. Strongest password will be the best to protect the information. For the e-mail account and the computer, strongest password must need. Information theft can use different software to break into the system and access the important information. To stop their password-cracking software, password should be minimum eight characters long consist of numbers, uppercase or lowercase letters and symbols.
Other than that, investing in a good shredder also can help a lot. Business record should never be tossed into trash where can become a bonanza for criminal intent on information theft. The company should be certain all the important records including credit card or bank document are completely destroy by the shredder. The company also can own their access cards, it can help a lot. Access cards can help avoid the outsider come into the company to steal the information. Only the person with the access cards can enter into the company only. When an employee is not longer work for the company, the companies need to ensure that their access to the computer network and company data is cutoff immediately. It can help to prevent those disgruntled employee who trying to steal the company's information for other competitor.
To protect the information on the network or internet, company can use variety of encryption technique. Encryption is a process of converting readable data into unreadable data characters to prevent unauthorized access. In the encryption process, the unencrypted, readable data called Plaintext, and the encrypted data called Ciphertext. To encrypt the data, the originator of the data converts plaintext into ciphertext using an encryption key. In its simplest form, an encryption key is a programmed formula that the recipient of the data uses to decrypt the ciphertext. With the encryption techniques, it can help to prevent the information theft to obtain the company information as they don't know what the words are meaning about.