March Madness--the NCAA men's basketball tournament--starts tomorrow. Exacerbating the problem of reduced workforce productivity that many companies face during this time of year, CBS will be offering free Webcasts of the games.

 

But companies, especially those that rely on e-commerce for revenue, have more to worry about than employees slacking off to watch the games on their comptuer screens. Their computer networks may be at risk, too.

 

Jeff Falcon, Network Security Engineer at CDW, spoke with TMCnet about how computer networks may be under increased threats during March Madness, and what companies can do to mitigate the risk.

 

Increased use of the Web to access steaming video also means increased chances that the integrity of the network will be compromised, Falcon said. The simple act of accessing a website can expose networks to viruses, worms, and phisher code.

 

Phishing--messages sent with malicious intent that target certain users, requesting personal information--has created a lot of buzz recently in the Internet security industry. And with good reason.

 

These types of messages are often cleverly designed to look like legitimate requests from online companies. Unwitting users who respond to phishing attempts may compromise the security of the entire network.

 

Phishers can use take the information provided and, using hacking tools, wreak havoc on a network.

 

“They can cause a lot of damage to an organization's reputation as well,” Falcon added.

 

For example, a phisher may be able to obtain information that will allow him or her to hack a company's website, altering information and redirecting links. E-commerce companies are particularly vulnerable to this type of attack.

 

Falcon said there are many security products on the market--from vendors such as Websense, Trend Micro, Semantec and McAfee--that companies should strongly consider purchasing to protect their networks, if they have not already done so.

 

It may be too late to get one of these solutions installed in time for March Madness, but there still are things that can be done quickly to reduce risks.

 

The quickest thing IT managers can do is tighten down web protocols--namely, which ones are being used and for what--at the firewall level, Falcon said. Companies need to consider which ports and protocols are actually used for legitimate purposes, and which can be temporarily locked down during March Madness.

 

For example, one protocol that can cause problems is instant messenger.Many IM applications, Falcon said, are port-hoppers; each time a new connection is established, it may use a different port. Any port used could create a vulnerability.

 

Bandwidth-intensive applications for streaming audio/video, and sharing files, also potentially can cause security breaches.

 

Beyond these fairly obvious productivity-busters, other protocols should be considered as well, such as FTP, POP3, SMTP, and 443 (for companies that use SSL). Some ports or protocols may be sitting idle, providing no benefits to the company but instead serving as potential security holes.

 

"If they’re not being used, they probably should be closed," Falcon said.

 

IT staff should also make sure all the latest Windows patches are installed, and that virus scanners are up-to-date.

 

"It’s cumbersome, and it may take time, but it may save you," Falcon said, of implementing a short-term security lock-down. 

 

Falcon stressed that best practices dictate all companies should be proactive about network security. IT staff should have tools that allow them to police network perimeters, allowing policy to be written about which websites and protocols to allow, and which to deny.

 

"It’s all about minimizing the risk, and reducing the amount of surface area you have for a threat," Falcon told TMCnet.

 

Addressing security now will prevent headaches down the road, both in terms of liability issues and effective use of network resources. March Madness is just the beginning.