Confronting cyberthreats: Business group hosts program on security

There's the son-in-law of the company's owner who embezzles money to feed his growing drug addiction by selling inventory on eBay.

Or the group of professional hackers based in a country that does not have an extradition treaty with the United States.

And the unwitting employee who opens the wrong email attachment, allowing malicious computer software to infect the company's network.

These are just some of the threats faced by companies in the digital age, when thieves use a computer instead of a gun to commit their crimes.

"Technology can be our friend, but let me tell you something, it's also our enemy," said Peter J. Ahearn, former special agent in charge of the Buffalo FBI office and owner of Ahearn Consulting, a participant in a program on cybersecurity hosted by the Western New York Business Leadership Forum.

The panel discussion, "The Invisible War: Securing Your Technology and Preventing Cyber Risks," was held Tuesday morning in the Burchfield Penney Art Center and drew 128 registered attendees.

After outlining the main threats to businesses' electronic data, Ahearn and three other experts detailed the best practices companies can follow to protect their corporate secrets and their customers' information.

They emphasized having good information-security policies in place, having insurance coverage for security breaches and keeping track of what employees are doing on company equipment and networks.

IT thieves "typically take the information that was given to them as part of their job," said B. Kevin Burke Jr., a litigation partner with the Jaeckle Fleischmann & Mugel law firm.

It's an embarrassing blow when LinkedIn, Sony or another company loses members' passwords or credit card information.

An engineer with Cisco estimates there are 12 billion devices connected to the Internet worldwide, according to a video shown at Tuesday's forum, and security is a major concern because so many of those gadgets are used to conduct business.

"The war, the crime scene, now has become the personal computer," said John Walp, M&T Bank's corporate information security officer.

Yes, there are attacks on company networks from international, professional hackers, but most problems come from within, the experts said.

The culprit can be a disgruntled employee, or a worker facing gambling debts, who intentionally steals company information, or it can be a "knucklehead" who accidentally puts the firm's data at risk, said Michael G. McCartney, co-founder of DIGITS LLC, a computer forensic consulting firm.

Everyone has anti-virus software and other filters in place, but that's not enough today.

Ahearn recommended regularly conducting background checks on employees who have access to sensitive information -- not just when they are hired -- because their financial situation or job satisfaction can change.

McCartney also urged employers to make sure they know what their workers are doing on the company's computer network and company-owned desktops, laptops and smartphones, even if this requires periodic forensic inspections.

"We can peek under the hood and tell you what you don't know," said McCartney, who is a former assistant chief investigator for the New York State Attorney General's Office.

Companies need to train their employees in safe IT practices and collaborate with law enforcement agencies, Walp said.

Employers need a clear policy on IT security; they should look into whether their insurance policies cover damage caused by a cyber assault; and they need to limit access to the most sensitive company data, Burke said.

Michael Beecher, president of Escape Wire Solutions, moderated the discussion. It was presented by Escape Wire Solutions, Insyte Consulting, Jaeckle Fleischmann & Mugel, Lumsden & McCormick, Vanner Insurance Agency, the University at Buffalo's Center for Entrepreneurial Leadership and World Trade Center Buffalo Niagara.