Companies have to trust employees, consultants, and business partners, but this group presents
the greatest security threats. Natural disasters are a threat to the physical assets, but
their business damage can be minimized by having up-to-date backups, and a disaster plan
with arrangements to run operations offsite if a disaster strikes. The Internet provides more
avenues of attack for outsiders—particularly from viruses spread through e-mail messages.
The best defenses are to install all current operating system patches, to assign access rights
carefully, and to monitor the computer usage with an intrusion detection system. However,
denial of service attacks are particularly hard to prevent. Encryption protects data during transmission. It is particularly useful for sending credit
card data over the Internet. It can also be used to provide digital signatures that authenticate
users to validate the source of messages. The flip side of conducting more business on the Internet is a potential loss of privacy.
Partly because of the way the Internet works, and partly because of the need for security,
businesses track individual users. Some firms track people even further—to the point of
recording most websites that they visit. With almost no laws, these companies are free to
market this information to other companies. Some individuals may object to this loss of privacy.
Without supervision, businesses have an obligation to establish clear and reasonable
privacy policies—and to stick by those policies. Encryption technology also makes it possible to have anonymity servers, so people can
pay a fee to have an untraceable Internet presence. While it does protect privacy, this technology
raises some unresolved societal issues in terms of the potential for harassment and
criminal activities. | 
2003 McGraw-Hill Higher Education