Companies connected to the internet need to be more vigilant about computer security.

Malicious hackers and web vandals are stepping up their efforts to exploit vulnerabilities and spread new viruses.

The vulnerabilities exploited by virus "worms" such as Nimda and Code Red had been known about for months before hackers created programmes based on them.

More recently, viruses are being propagated and spread more quickly.

Security companies say the problem is increasing and companies are getting less time to respond.

Even the security companies themselves are coming under attack. Kaspersky Labs' anti-virus mailing list was infected by Braid, the latest email worm, after a massive attack against the company's web server.

Braid arrives as an email, executes itself and infects computer files with a modified version of the Funlove virus.

Verisign, which manages two of the root domain name system servers vital to managing the flow of traffic on the internet, moved the servers after a co-ordinated attack crippled nine of the 13 servers around the world.

Research by security company Symantec suggests the number of internet attacks is growing by about 64 per cent per year.

In the first six months of this year, companies were attacked on average 32 times per week compared to 25 times a week in the last six months of 2001.

WildList Organisation International, used by anti-virus researchers and vendors alike, publishes a monthly list detailing the type, number and frequency of viruses circulating in the world. It listed 572 new viruses last month.

Security companies are racing to keep up with hackers. Every time a virus is released, it takes time to identify it and develop an antidote.

This is proving problematic as the latest worm-writing techniques help hackers create ultra-virulent worms capable of outflanking most defences.

Protecting computer systems from internet-based attacks is becoming even more important and companies need to implement the right processes and systems to protect their business.

The Fraud Advisory Panel, in conjunction with the Institute of Chartered Accountants, has published guidelines on computer crime, including hacking.

It says small and medium-sized enterprises (SMEs) must wake up to the threat.

The guidelines say the key to reducing risk is prevention and SMEs should focus on implementing policies such as employee guidelines for internet and email use and developing a culture of awareness to increase security.

Companies should hold regular staff training sessions, keep abreast of regulatory developments and, where possible, recruit individuals with expert knowledge.

Companies can also take a number of technical measures to ensure their basic set-up is secure.

A firewall is a piece of software or hardware that sits between a company's computer network and the internet.

It can monitor internet and other network activity and tell you when another computer is trying to communicate with one of your own. A firewall is not an absolute guarantee of safety but it will restrict the amount of people able to break into your network.

There are many packages on the market to identify and isolate virus infections and there are also ways of avoiding infection in the first place:

Never open an unsolicited
attachment to an email unless you know exactly who it is from. Even then, be careful.

If you receive an executable file
(any file ending in .exe) by email, don't open it.

Don't allow staff to install their
own programmes on computers.

Regularly update your antivirus
software from the supplier's web site.

www.kaspersky.com
www.symantec.com
www.wildlist.org
www.fraudadvisorypanel.org
www.icaew.co.uk