Keep your data safe, security expert warns

LOGAN — National security threats take many forms, and a man focused on information assurance told a crowd Wednesday that everyone — from individuals to companies and organizations — needs to be vigilant about protecting computer data.

James Frost, deputy director of the National Information Assurance Training and Education Center at Idaho State University, warned against feeling there is no threat.

"As we look at cyber security . . . the great approach is just to bury your head in the sand: Everything's cool, no one's Chicken Little. The sky is not falling. Everything's copacetic. No one's interested in your site. No one's interested in your resources. You're really not a very large company. It's just your credit card, yadda yadda yadda," he said at a Partners in Business information technology seminar at Utah State University.

"No. There are major concerns we need to look at. We are being hacked. . . . People are working on different sites. They have electronic agents out there seeking to get into your system just to see if they can or just to see what they can extract from your system. You have to be diligent in that aspect and always be aware."

The center works to boost the quality and availability of information assurance knowledge and training to government, business and educational institutions. The ultimate goal is protecting critical information infrastructure, which includes telecommunications, electrical power, oil and gas, banking and finance, water, emergency services, transportation and government services.

Frost said computer crimes annually account for losses of $5 billion to $10 billion, with an average heist being $500,000. "It's very profitable, and where it's profitable, people will respond," he said.

Computer systems are vulnerable because access is easy through the link of the Internet, people often are sloppy in giving away private information (such as putting Social Security numbers on checks), and even unintentional actions by employees can have significant impacts on computer security.

"We are linked," he said. "We are network-centric. It's modifying the way we think, modifying the way we do business, modifying the way we have to protect our assets. Dramatically."

Each company or organization must determine its security measures based on what it considers its risks, such as terrorism, identification theft or espionage.

Equipment theft, once a major focus, has become less so, he said. "What they really want is data," Frost said of the hackers. "They want to see the intellectual things that are captured inside these little boxes in the magic 0s and 1s."