Protecting corporate credibility

If you read most of the media reports about the latest viruses, you will probably believe that the worst a virus can do is destroy your data.
Written by Charles Cousins, Contributor
If you read most of the media reports about the latest viruses, you will probably believe that the worst a virus can do is destroy your data.

But is this really a disaster? After all, most companies make backups of important data and if hard disks get wiped, it's an inconvenient but recoverable situation.

Perhaps system administrators should be considering some of the untold dangers of viruses instead, such as the damage that can be done to a business's credibility by a virus infection.

Viruses can use a number of different techniques to damage the credibility of a company, with the potential of causing much more financial harm than viruses which case system downtime or a destroyed database.

For instance, there is a class of virus known as 'data diddlers'. These are viruses which can take your spreadsheets and make occasional and very subtle changes to them. They may simply shuffle numbers around, or multiply every 15th number by 0.95. Unlike viruses which play a tune through your PC speaker or display a large skull and crossbones on your monitor, these viruses succeed by keeping very quiet about the fact that they have infected you.

Imagine you were posting financial data about your company to your investors or the stock exchange, and it had been corrupted in this way. Such corruption may not be noticed for months, and when it finally is seen, you may need to make an embarrassing retraction which could affect how investors view your organisation.

The danger of these data-corrupting viruses is that by the time the damage is noticed many or all of your backups may have been compromised as well. What do you do then? Resort to your paper records and retype in all the information? For many companies this would be an unbearable situation.

Then there are viruses which, for want of a better term, I will call 'binary blabbers'. These can forward confidential information from your computer to your colleagues, competitors and the general public via your email system. The last thing you want if you are plotting the overthrow of your arch rival competitor, is for a virus to forward your master plan to your intended victim! Who needs industrial espionage when a virus can damage your organisation's confidentiality this way?

The Sircam worm, which became widespread in late 2001, is an example of a virus which is particularly damaging for businesses because of its ability to leak confidential information. The worm is capable of "scooping up" documents and spreadsheets from your hard drive and forwarding them to everyone in your address book. Many people will have found in their inbox information they were not supposed to have received with the alluring message: "I send you this file in order to have your advice".

Other viruses such as Happy99, written by the French virus writer Spanska, started the trend of noticing when the users sends an email or makes a usenet newsgroup posting and send themselves at the same time.

If you search Internet usenet archives you will see hundreds of companies that have accidentally spread the Happy99 virus. How do you know this to be the case? This is because their virus-infected postings are there for everyone to see, with clear details of who sent it and when. It is very hard for companies to deny they have spread a virus in this way, and you can imagine the damage this can do to a company's reputation.

Finally, there are those companies who have simply not kept their anti-virus software up to date, or not followed safe computing practices and sent customers a virus directly. In August 1999, Fuji Bank sent a document to investment partners regarding its forthcoming merger with the Industrial Bank of Japan and Dai Ichi Kangyo Bank. But when investors opened the document a message box popped up informing them they were "big stupid jerks"—not the best way to get investors to reach into their pockets.

In January 2003 Datatilsynet, the Norwegian Data Inspectorate, apologized to subscribers of its email newsletter on computer security after accidentally distributing the FunLove virus. Their embarrassment was compounded by the fact that the FunLove virus had first been seen years before, and was preventable by any up-to-date anti-virus software.

If you sent a virus to one of your largest customers would you ever be able to recover your reputation? The costs of recovering your credibility as a company due to a virus can be much greater than simply restoring destroyed data from a backup.

So, what can be done? Clearly, good up-to-date antivirus software is a must, but it isn't a 100 per cent solution. Companies should consider implementing 'safe hex' procedures and rules to further reduce their chances of being hit by a virus. The good news is that these rules and procedures can be put in place without giving any money to antivirus companies.

Charles Cousins is the managing director of Sophos Antivirus Asia.

Editorial standards