Personal e-mails at work help spread Love Bug

  • 10 May 2000

In the wake of the Love Bug virus, ICC's Cybercrime Unit today urged companies to discourage employees from using company computers for personal e-mails and advised organizations to tighten security on every system linked to their network.

“The widespread use of company networks for personal e-mails is exactly the kind of practice which allows these viruses to spread,” said Cybercrime Unit Assistant Director, Jon Merrett. “If employers were more vigilant in discouraging personal e-mail abuse at work, viruses like the Love Bug wouldn’t be nearly as devastating.”

The ‘Love Bug’ virus, which swept across the world leaving the computer networks of government and business in chaos, has highlighted the vulnerability of many computer systems to attack.

The Cybercrime Unit is part of ICC’s London-based Commercial Crime Services, which is leading the global fight against maritime crime, counterfeiting and commercial fraud.

“To prevent a repeat of the Love Bug crisis, companies have to realise best practice is the key to prevention,” said Merrett.

According to the Cybercrime Unit, best practice requires more than the regular updating of the existing security systems. The Unit said it is important to involve individual users, promoting vigilance amongst staff and discouraging the use of the network for personal e-mails.

“Many companies operating firewalls may have felt secure from attack, however recent events have shown the need for companies to develop comprehensive and ongoing security policies,” said Merrett. “As viruses and hacking techniques evolve so must the security systems that are in place to protect against them.”

Aled Miles, director of the anti-virus software company Symantec, said that the impact of the virus was exacerbated by lax security standards in many countries. “Only three weeks ago the (UK) Government issued a report showing that fewer than 15 per cent of companies have security policies in place,” he said.

Many firewalls do offer fair protection against conventional hackers. However, computers security experts appear to be in agreement that effective security against disruptive e-mail-borne viruses has to be built into the infrastructure of corporate networks.

Good security blocks suspicious e-mails and alerts the network administrator before they are distributed to the individual users. The use of data mining, which examines patterns and trends for the data sent over a network, can help to identify unusual activity, while Public Key Infrastructure (PKI) can increasingly be incorporated to verify that communications received are from legitimate sources.

Though anti-virus teams may have been quick to develop software fixes to minimize further damage and check the spread of the ‘Love Bug’ virus, nobody is suggesting that the bigger problem has yet been solved.

Industry analysts point out that this latest virus, which follows the denial of service Internet assaults in February, demonstrates the reliance of the global economy on computers and their susceptibility to interference. Among others the websites of Amazon.com and CNN.com were serious ly affected.

Guy Field, technical analyst at brokers Teather and Greenwood, said: “This is the weakness in the new economy: the electronics world is expanding and so are the opportunities for criminal activity. It is likely that we will see more and more of this kind of attack in the future.”

The Internet and e-mail are an integral part of the modern business environment and as e-commerce grows, so too will the dependence of companies on reliable and secure computer systems. There may be no way yet to guard completely against future security breaches. However, companies and organisations that give system security the priority it demands should find their networks less prone to attack by viruses and hackers than those who fail to address the issue.