Internet users `wide open to fraud'

Many organisations are leaving themselves open to fraud as they rush to jump on to the Internet bandwagon, the accountancy firm Deloitte & Touche warns.

It says that, though most organisations have prepared documents outlining their Internet strategies, complete with benefits, costs and use, few have considered the security implications. Even those that have are often preoccupied with one or two particular areas of risk, remaining vulnerable in others.

"Security considerations should always be an integral part of the analysis of the benefits of Internet technology, not an optional extras to be included in the footnote of the Internet strategy," says Alan Bray, partner in Deloitte's forensic services operation.

He adds in "Inside Fraud", the firm's quarterly analysis of business crime: "The lack of security may lead to unauthorised access which can, in turn, lead to fraud involving corporate data, damage to systems and even unauthorised changes to web pages."

In order to ensure that an investment in the Internet is both appropriate for a particular business and secure in terms of the environment in which the business is operating, it usually pays to seek the advice of professionals aware of the latest issues in this area, Mr Bray says.

Particular attention should be paid to the services associated with Internet access and the security issues surrounding them. Those include the telephone, the connection from the Internet service provider, training, the firewall installation and the Web server maintenance contract. Organisations should ask themselves what passwords they have shared with service contractors and who knows everything about their computer "environment".

The article points out that various organisations have called for legislation to cover the theft of electronic information and the establishment of an Internet Crime Group and that others are exploring ways of combating "cybercrime".

At the very least, organisations should regularly review Internet security to ensure that procedures are keeping pace with new challenges and threats and that best practice is followed by both technical staff and users.

Mr Bray concludes: "To understand much current security practice, you have to imagine a shopkeeper carefully installing an expensive metal grille, infra-red camera and burglar alarm to protect his premises - and then going off on holiday leaving his back door invitingly wide open"

Roger Trapp