Public-Private Partnership Needed to Protect Most Vulnerable, Official Says
LONDON -- Small U.K. companies are so vulnerable to e-crime -- and so complacent about it -- that a top Internet crime-buster pleaded Wed. with industry to engage with police on the issue. High-tech criminals bilked British companies of at least Pounds 2.4 billion last year; a survey of 200 firms found that 30% have no formal information technology risk assessment, said Len Hynds, business change & transition dir. of the National Crime Squad. Echoing others at the E-Crime Congress 2005 here, Hynds called public-private partnerships a major weapon against e-crime.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Small and mid-size enterprises (SMEs) are the worst equipped to deal with cybercrime, Hynds said. Besides lacking the infrastructure of large multinationals, they aren’t used to working with govt. and have no collective voice, he said. This makes them hard to hear concerning cybercrime, he said.
Many U.K. companies have joined a National Hi-Tech Crime Unit (NHTCU) industry outreach program. But as that forum took shape, investigators noticed they were focusing on securing the Internet for large firms but bypassing the most vulnerable users, Hynds said. The program has been modified to reach everyone online, including SMEs and home PC users, he said. The NHCTU will use multinationals to deliver the e-crime message to smaller companies.
Business needs convincing about how public-private partnership fights cybercrime, Hynds said. An attitude that “it'll never happen to me” intertwines with media- driven fear of e-crime, he said. To address both, law enforcement and industry must pool their expertise -- the former in how criminals work, the latter in how IT systems operate, he said.
There aren’t enough cops to police cybercrimes and more traditional crimes rampant on the Internet, said Howard Schmidt, eBay chief security strategist and chmn. of the U.S. Computer Emergency Response Team. SMEs’ digital architecture must engineer in security from the start, not try to retrofit, as happened with VoIP, Schmidt said. Small firms also should drop user IDs and passwords and switch to 2-factor authorizations as financial institutions do, he said.
Companies must stop believing the police will disclose confidential business data, Schmidt said. Don’t wait for an e-crime to get friendly with your local police, he said; take them out for a pint now.
The NHCTU also plans to target home PC users, an even more-threatened group. Project Endurance, to launch this year, will try to alter online behavior and user attitudes by raising awareness, building trust and encouraging online consumer community growth, Hynds said. The project’s message -- “Take control of your Internet before someone else does” -- will go out using a Web portal, education packages and tool kits distributed to schools, trade bodies and other groups.