To deal with hackers who break through office systems through the Internet it is
important for information managers to understand their enemy well. If they have
sound background knowledge about hackers, they might be prepared to deal with
them in a much more effective method. Hackers are very educated often mostly
university or high school students who try to break through systems for which
they have no authorization. They deal poorly with people, have few friends and
less relationships, but at the same time are very smart. Therefore they revert
to computers because they know computers will not reject them. With bulletin
board communication they can form social relationships but those are behind the
screen, where hackers feel shielded. (Pfleeger, pp.12-13) Hackers justify the
crime of cracking through systems by stating that nobody gets hurt in this
situation. Hacking can be done without having a conflict with any human. Hackers
also usually work in groups, and when they do so they become more dangerous to
office systems. By sharing information they manage to put together a solution
that would allow them to break in a office system. The news media has labeled
hackers as mere children who play pranks. (Pfleeger, p.13) Even Amy Wohl who is
a noted information systems consultant states that “the hacker risk is the
smallest of the computer crime risks.” (Ray, p. 440) Amy Wohl’s statement is
incorrect because due to the hacking of automated office systems millions of
dollars in damages have occurred. According to the American Society for
Industrial Security (ASIS) the increase attacks by hackers through the Internet
has jumped to 323% since 1992. Total losses to the U.S. industry are
approximately $2 billion per month. Thus it is very essential for information
managers to know about the different problems hackers can create for automated
office systems through the Internet. (Anthes “Hack Attack.”, p.81) One of
the main problems that hackers can cause is that they can break into office
electronic mail (e-mail) messages. This can be especially dangerous for those
office systems who use electronic mail as their main source of communication..
Electronic mail on the Internet is as confidential as a postcard. After the
sender transmits the message, it travels from one network to another until it
reaches its recipient. Therefore, hackers can easily break into electronic mail
while it is traveling towards its destination. Further, when it reaches the
recipient there will not be any evidence of tempering with the e-mail. (Rothfeder
, p. 224-225) Another tool that hackers use is called a sniffer. A software
which can be easily planted in an organizations system, works like a concellead
recorder and captures e-mail messages as they are exchanged. (Behar, p.35)
Hackers value e-mail because it contains valuable information. They can find
anything from secret strategic plans to log-in passwords required to get into
the office system. Once they have this vital information, hackers can have
access and cause major damage to the office system. (Rothfeder, p. 225) One of
the victims of e-mail hacking was Wind River Systems. A software company, Wind
River Systems has a communication system where they exchange e-mail with
customers on the Internet. By trying a few passwords on the office system,
hackers were able to access the system of Wind River Systems in California and
France. When a expensive bill for accessing the Internet came to Wind River
Systems, they found that hackers had gotten in their communication system. Wind
River Systems discovered that due to the intrusions hackers obtained programming
codes which could have the potential to hurt future performance of the company.
(Behar, p.33) Penetrating electronic mail is just one way hackers intrude and
destroy office systems. Banks who have established office system that provide
online banking services to clients also face problems. One of the first Internet
banks, Security First Network had to stop hackers from electronically breaking
into account files in the first few months of its operations. In addition,
Citibank’s office system was also hacked when a Russian hacker electronically
transferred $11 million from New York to Finland, Israel, and California. These
incidents leaves many banks in doubt whether they should have systems that are
capable of providing customer service on the Internet. Instead, banks such as
Chase Manhattan are collaborating with companies like Checkfree, Intuit, and
Microsoft. The reason is that these companies offer private consumer banking
networks that have powerful security schemes. Thus the cost of office automation
would be justified because hackers will not find it easy to break into the
banking networks protected by such firms as Microsoft. In contrast, other
financial institutions such as Bank of America are willing to take the chance
and implement their systems so that they are capable of providing better
services to customers on the Internet. (Rothfeder, p. 229) One more deadly
tactic that hackers can employ against office systems is stop their connection
to the respective Internet serviece provider (ISP) that host almost a thousand
corporate web sites. This method is called denial of service whereby hackers
interfere with the office system communication such that office systems cannot
gain accesss to its ISP. When office systems communicate with their ISPs they
use a three-way handshake process whereby they first send a signal, the ISP
receives that signal, and then the ISP re-sends the signal to the office system
so that a connection can be established. Hackers have found a way to disrupt
this process by interfering with the last part of the three-way handshake.
Instead of the signal going back to the office communication system the hacker
directs it to another direction. Thus, the office communication system never
connects to its ISP and therefore cannot obtain mail or connect to other web
sites. The nature of this attack creates ineffectiveness for office systems who
have implemented the Internet as part of their communication systems. There is
no use for a communication system which cannot be used. Furthermore, if Hackers
can’t break into the system they can make many services of the Internet
unavailable to the office. violates one of the goals of information security.
This presents a serious challenge to office automation specialist who must
realize now that even if their communication systems are tamper proof hackers
can still deny them external communication. (Cobb, pp. 37-38) To combat the
attacks of hackers, office automation specialist can employ a number of tactics
that would ensure that their office systems remain safe. Certain guidelines and
technologies can be applied by information managers when they are in the
analysis and design phase of office automation. To begin with, information
managers must maintain guidelines that minimize risk when using the Internet.
These guidelines can be in the form of rules for employee Internet usage. The
main intent of these guidelines is to limit the use of Internet for business
purposes only. Most employees use the Internet for personal reasons such as when
they surf sex and pornographic material on the Internet. This not only creates
security leaks for the office system, but also makes Olson’s Theory a strong
phenomena in the office environment. Employees are less productive in their work
which results in soft dollar loses for the company. Nonetheless, controlling
employee use of the Internet is nonproductive. The solution is to educate
employees about the proper use of the Internet, explain them the disadvantage
that occur if the Internet is used improperly, yet at the same time accept the
fact that employees will still look at web sites that are not business related.
Nevertheless, it is wise to develop detailed Internet polices in terms of usage
so that employees know the consequences of wrong abuse. (Wagner, p.55) According
to Barry Weiss, a partner at Gordon & Glickson, a Chicago law firm that
specializes in information technology legal issues, for the Internet to be used
as a effective tool for communication companies need “to define policies and
procedures to avoid risk.” (Wagner, p.58) Another method in which companies
can protect their office systems from hackers is by asking employees to develop
and maintain smart passwords. Employees should not write down their passwords
and leave them near a computer. They should create password which relate to
people closely related to them. Also they should not share their password with
anyone and near should they store their passwords in the computer. Passwords
become hard to crack by hackers when they have both upper case and lower case
letters as well as digits and special characters. Further, the should be long
and should be able to keyed in quickly so one can follow when typing on the
keyboard. (Icove, pp.135-136) Having strict guidelines is one solution to
minimize hacker intrusions. Employing technologies is another solution to
accomplish the same goal. One specific technology to implment in the office
network is called firewall. This tool combines the technology of hardware and
software and functions by protecting the office network when it is connected to
the Internet. A firewall analyzes data and accepts only the data that is
approved by the information manger. The firewall collects all users in one area
and views whether they are performing an approved activity such as sending
electronic mail to clients. Since all the activity has to pass and be approved
through one checkpoint this tool is useful for controlling data and keeping logs
of the user’s activity. Adding a firewall in the office system can be done in
two ways. It can be purchased as a package from a vendor or it can be built.
Logically it is cheaper to build a firewall, a good choice for those information
mangers who are operating on a strict budget. (Anderson, pp. 106, 108) When
buying a firewall from vendors it can get very confusing since there are a lot
of varieties and costs that each vendor offers. There are more than 40 vendors
in the market who offer new releases in less than a year. However, this trend is
also changing. The National Computer Security Association (NCSA) has developed a
program which will make it easier for information managers to select a firewall
from numerous packages. It will do that by establishing performance standard
needed for an effective firewall. Based on this criteria it will test and
certify those firewall packages which meet its criteria. The certification
concentrates on security threats that are high to a automated office systems.
This includes how often the hackers attack the firewall, how easily they can
penetrate the firewall and how much damage they cause once they penetrate the
firewall. Naturally, the lower the frequency in these criteria the more chance
for the firewall package being passed. Besides certifying firewall the NCSA will
also collaborate with vendors to create standard language for firewall and
publish more documentation so information managers have a chance to make a
better decision when they are thinking to implement firewall in their office
systems. (Anthes, “Firewall chaos.” P.51) A firewall is not the ultimate
solution because it can’t keep out viruses or traffic that goes to the
internal network though another connection, however “it is still the most
effective was to protect a network that’s connected to the Internet”
(Anderson, p.106) Another method to protect data is the use of encryption
technology. This comes especially useful when data is sent through external
communication systems where there are great chances for it to be intercepted by
hackers. Electronic mail can greatly benefit from this technology. Encryption is
a software program which creates a key with two divisions. One is the public key
and one is the private key. The public key is given to those with whom
communication is usually conducted. After writing the electronic mail the
message is encrypted with the recipients public key. Due to encryption there is
a digital lock placed on the message, so even if a hacker intercepts the mail
while it is traveling to the recipient, the contents of the message are
unobtainable. Upon receiving the message the recipient uses the software to
verify that the recipients public key was used to encrypt the mail. After the
confirmation the software decrypts the encrypted message using the private key
of the recipient. (Rothfeder, pp. 224-225) Moreover, two high tech companies
have teamed up to develop a hardware based encryption technology. This is
specially targeted to make electronic commerce more safer to carry out over the
Internet. Separating the encryption functions from the processor and handling
them through another hardware piece will make it much harder for hackers to
intercept office data and also free up much processing power required to encrypt
large important business documents. Multiple applications can use this
encryption peripheral to make their data safe. If hackers attempt to break into
the hardware encryption device the data will be immediately deleted and thus
would be useless for the hackers. (Vijayan, p.45) Lastly, corporations can
out-source their security needs to special computer security firms who
specialize against hacker intrusion. One such company is Pilot Network Services.
Pilot’s client hook their office system networks to the company’s service
centers around the country. This way Pilot is able to supply supervised Internet
access. The system is run by a team of electronic specialist who monitor it on a
24 hour basis. Happy clients such as Twentieth Century Fox value Pilot’s
services because they get around 30 intrusions daily which they are able to
block. Sometimes Pilot’s engineer’s let the hackers in a office
communication system to observe and learn about their activities so they can be
more knowledgeable on how hackers attack. (Behar, p.36) Other forces that
corporations can out-source to protect their office systems are called tiger
teams. These tiger teams hack their clients computer to point out weaknesses in
the communication system. This way the weaknesses can be corrected and the
system protected. Tiger teams usually attack their client’s system through the
Internet, but also warn that potential hazards can occur through other channels
such as operating systems. (Doolittle, p.89) In the current computing
environment it is essential to have a security plan for those companies who use
the Internet as their main source of communication. If a plan does not exist the
damages can mean failure for a company. Consequently, it is essential for
information managers to employ the solutions presented in this paper when they
are automating their office system.

Bibliography
Anderson, Heidi. “Firewalls: Your First Defense” PC Today, May 1996:
pp.106, 108-109. Anthes, Gary H. “Firewall chaos.” Computer World, February
1996: p. 51. Anthes, Gary H. “Hack Attack.” Computer World, April 1996: p.
81. Behar, Richard. “Who’s Reading your e-mail?” Fortune, February 1997:
pp. 29-36. Cobb, Stephen. “How Safe is the Internet?” Internet & Java
Advisor, January 1997: pp.36-38,41. Doolittle, Sean. “Special Forces On
Call” PC Today, May 1996: pp.89-91. Icove, David, Karl Seger, and William
VonStorch. Computer Crime. California: O’Reilly & Associates, Inc., 1995.
Pfleeger, Charles P. Security in Computing. New Jersey: Prentice-Hall
International, Inc., 1989. Ray, Charles, Janet Palmer, and Amy Wohl. Office
Automation : A Systems Approach. 2nd ed. Ohio: South-Western Publishing Co.,
1991. Rothfeder, Jeffery. “No Privacy on the Net.” PC World, February 1997:
pp.223-229. Vijayan, Jaikumar. “Making the Web a safer place.” Computer
World, April 1996: p. 45. Wagner, Mitch. “Firms spell out appropriate use of
Internet for employees.” Computer World, February 1996: pp.55,58.