Milwaukee Journal Sentinel
By Stan Miller
Sometimes, technology privacy and security are so important that you bring in a hired gun to make sure you are adequately protected against the forces of evil on the Internet and beyond.
Ben Sherwood, a privacy adviser and chief of Sherwood Personal Security, is one of those hired guns, a leader of a team of mercenaries skilled in the arts of computer security, intrusion detection and network integrity. Sherwood – who lives in Milwaukee and whose company is based in Oak Brook, Ill. – said his small team analyzes the technology its clients use, finds the privacy and security problems and then recommends remedies.
“Most people have no concept of security,” said Sherwood, a 28-year-old with clean-cut, Boy Scout looks. “I try to give them options to fit their situations.” Many of Sherwood’s clients are small-business owners, corporate executives or professionals who handle sensitive information, such as lawyers, doctors and accountants. They’re people who can’t afford to have the information they handle fall into the wrong hands, or they’re concerned about identity theft. And they have good reasons to be wary.
Identity theft abounds
Identity theft accounts for 40% of consumer-fraud complaints and surpasses other areas of fraud, such as sham Internet auctions, according to the Federal Trade Commission. An FTC clearinghouse set up to log complaints about identity theft fielded 86,000 last year, which was up 178% from 2000.
The people who commit these crimes get information about their victims in a variety of ways, from simple schemes like rooting through their garbage, to sophisticated high-tech methods like exploits in computer software or hacking tools called Trojan horses. These programs – which pretend to be benign – often unleash viruses, record users’ passwords or open “back doors” into the systems they’ve infected so hackers can access them remotely.
Sherwood said some of juiciest targets for attacks on their technology security and privacy usually don’t monitor their computer and Internet habits, and many who do often make mistakes. “There has to be a security policy that goes along with any security products you have in place,” Sherwood said, mentioning a client who regularly ran a spyware detection program on his computer but failed to keep its database updated. Sherwood mentioned other customers who had downloaded some security software needed to keep themselves safe but failed to install it.
Spyware tracks every move
“I’ve seen some pretty serious breaches in security,” said Sherwood, a former sales engineer and privacy program adviser for CyberSafe Corp. based in Issaquah, Wash. “You’d be surprised by the number of key-logging programs I’ve found on people’s computers. They had no idea, and these programs put your online communications at risk” because they can capture every keystroke made on a computer.
Sherwood examines the home and office computing environments, checks any network settings, scans the computers for vulnerabilities such as spyware or viruses, updates the operating system and inspects security programs in place. He also scrutinizes the user’s computing practices. For example, do they let their software remember their passwords? What type of information is stored on the computer? Does only one person use the machine, or is it shared?
After the flaws are found, Sherwood sells the solutions to fix them, whether it’s a biometric device used to store and access passwords on a PC, encryption software or accounts with Internet services that give users some anonymity.
A satisfied customer
While most of Sherwood’s customers want to keep a low profile and not speak to the press about his services, Tracy L. Coenen, a forensic accountant at Sequence Inc. in Milwaukee, said she was pleased after he came in and performed a privacy assessment.
“I think what he does is fabulous because a lot of people are unaware of the threats on the Net,” said Coenen, whose company handles a lot of sensitive information in its financial investigations. “I think it is cost-effective to have someone like Ben come in and take a look at what is in place.” Coenen’s company had a strong privacy and security policy in place, but Sherwood suggested some equipment and service that would make her Internet activity anonymous and make her less susceptible to attack.
“I was doing things like password-protecting the computers and password-protecting sensitive documents, and I didn’t send sensitive information over e-mail,” Coenen said. “I consider myself very computer savvy, but Ben was able to point out some things.”