There are three types of security, and in most companies, the same person is in charge of all three. The first type is physical security. This covers everything from setting up a video monitor for the parking lot to making certain no one walks out the door with a PC. The next type is virus security. This includes areas such as patching operating systems and servers so hackers cannot penetrate your systems electronically. The third threat, rumors, is not as apparent as the first two, but it has the potential to be the most dangerous of them all. This threat is often dismissed as unstoppable since the Internet can spread rumors so quickly.

The damage rumors can cause
Chances are, the CEO of your company has never given rumor prevention much thought. However, part of your job as a network administrator is to keep him or her informed of potential threats. This could include protecting your company’s online identity by buying a few strategic Web addresses. The Democrats showed the consequences of overlooking such protection when they grabbed before the Republicans thought of it and then began posting negative information about the candidates. What if someone did this to your company? For as little as $30, you can register a dot-com address that people might logically think is yours. By making certain no one else takes that address, you’ll preempt possible damage to your company’s reputation.

Have a comment?

Do you agree with John that network administrators should be on the lookout for rumors floating around on the Internet about their company? Has your company ever come to you for help in the discovery of rumors on the Internet? If you’d like to share your opinion, start a discussion by posting a comment in the Discussions section below, or send the editor an e-mail.

People spread rumors about companies in other ways, too. Suppose your organization has a new, wildly popular product, and you’re eating the competition alive. Sales suddenly plummet, and a few days later you learn there’s a rumor going around on the Internet that your new green widgets cause cancer. In the past, it would have taken a long time for such rumors to spread geographically. However, with the Internet, rumors are easy to start and can spread around the world in seconds. So if you are looking to protect your company, it is important to let management know the impact of rumors on the Internet. Also, you need a plan for monitoring and responding to this threat.

What can you do?
Managing rumors is a two-part process: First you must search for rumors; then you need to counter them. Searching for rumors should be a job for someone in the MIS department. Countering rumors should be the responsibility of your marketing department, although they will need advice from you to show them where they should target their efforts.

If you choose not to push for extra personnel and your company falls prey to a vicious rumor, then you will ultimately have to answer to someone in management. You should develop a simple response plan for rumor attacks and have it ready to spring on management at the first sign of trouble. Begin by setting up a schedule to regularly run a quick search on in their Usenet search utility. Although it takes a bit of testing to determine which keywords you need to search for, this is a fast way to see if your company (or a competitor) is in someone’s crosshairs.

An ongoing attack needs to be countered instantly. There’s a site for this as well. To learn what’s happening right now in discussion groups on the Web, go to This site is based on a search engine that scans chat groups in real time. If you have a publicly traded company, you need to monitor some additional discussion sites where stocks are touted and disparaged. Yahoo!’s Finance Forums should be at the top of your list.

A major attack inflicting measurable harm may call for a full-court press involving print and broadcast media, as well as the Web. You might be able to counter smaller attacks by merely posting a brief statement in the Usenet discussion groups where it originated. How to respond is not necessarily a security concern—that’s up to marketing. But you should be in the loop because of the important role you play in the discovery process.

John McCormick is a security consultant and technical writer (five books and 15,500-plus articles and columns) who has been working with computers for more than 35 years.