From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Tue, 16 Oct 2001 15:29:41 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Message-Id: <200110162229.PAA23977@big.all.net>
Subject: [iwar] [fc:Who's.hacked.off?]

Who's hacked off?
By Michael Chissick, Viv Nissanka, Internet Magazine, 10/16/2001
www.internetmag.com

Anyone can get hold of hacking tools these days. Michael Chissick and Viv Nissanka assess the dangers for targeted companies.

Hacking can not only cause chaos in the workplace but also be costly in terms of liability for its victims. Direct losses might include the costs of clearing up the computer system and loss of business caused by downtime. There are consequences to consider too, such as the damage to your corporate reputation if, say, customer security is breached, downstream trading is affected or a highly destructive email virus is passed on to customers.

An employer might be liable if one of its staff sends someone an email containing a virus. However, it might be arguable that an employer is not liable if this has been done in breach of its internet policy, particularly if the message was personal. In this case the employee might be held directly liable or be disciplined by the employer.

At present there is no UK case law directly related to the transmission of computer viruses to third parties. Yet it's likely a Court would consider failure to implement standard security measures, such as using the latest software, as negligent. The use of up-to-date virus scanning software would at least demonstrate, in a company's defence, that care had been taken to try to prevent such a situation. Where there is intentional infection of an internal or external computer system, caused by either a computer virus or hacking, a prosecution might be feasible under the Computer Misuse Act 1998.

Failure to implement security prevention measures could also violate the terms and conditions of existing insurance policies: policyholders have continuing obligations under the duty of utmost good faith to disclose any potential liability to their insurer. An insurer is likely to refuse to pay any potential negligence claims in the event of non-disclosure.

Although compliance with the British Standard Code of Practice for Information Security Management is not a statutory requirement, it is a business-led approach that has been designed to tackle the issue of information security and management.
The Code outlines a set of best practice controls for businesses to implement. But it has been argued that the Code is cumbersome. This could explain why, as yet, only 40 businesses have successfully implemented it in full.

Whether or not a company chooses to follow the Code, it might be worth considering implementing some of the following preventive measures to minimise the risk of liability.

* Implement an Internet and email security policy
* Provide staff with the necessary training about security
* Carry out effective security checks
* Minimise potential routes of infection internally and externally (such as preventing employees from downloading malicious attachments)
* Scan all attachments and computer disks using the latest anti-virus software before use
* Ensure the regular backup of data.

Businesses that haven't already done so should implement damage limitation measures for themselves and for clients and contacts too.

Michael Chissick is head of the IT and e-commerce group at City law firm Field Fisher Waterhouse.
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:55 PST