MOST Irish companies think hackers would never break into their computer systems and fail to take even the most basic security precautions, a leading computer security specialist has said.
Firms wishing to do business on the internet will have to ensure transactions are absolutely secure in order to win over consumer confidence, he added.
The comments, by Price Waterhouse partner Mr Bob Semple, come on the eve of a new venture by Bank of Ireland, called Shop Ireland. Advance publicity has dubbed the project "Ireland's premier Internet shopping mall", and reveals it will involve customers sending their credit card information down the phone line.
Next week, a hacker turned corporate advisor will address a seminar on computer security in Dublin Castle, telling business executives how to avoid being a victim.
According to one recent survey, authored by Mr Semple, two thirds of top Irish companies do not have a contingency plan for a breach in computer security. More than half have detected or been infected by a computer virus.
"The most important thing managers can do is improve their understanding of what the risks are," Mr Semple told The Irish Times.
Often, a high tech firewall may be less effective than a thorough review of who has, and should not have, access to the company computer system, he said.
When hackers break into a system, they always try to find the default log on name and password, then invent several innocuous looking log ons for themselves to ensure permanent access to the system, he explained.
Managers should erase the default logon once the system is up and running, he added.
The report also points out that while many companies have a general fear of a break in by hackers - and are unclear how to prevent such an attack - they are in fact more likely to suffer at the hands of unwitting or malevolent insiders.
Analysts in the United States, where the rate of computerisation is far higher than in Europe, say computer security can only become more essential to business as an increasing number of transactions take place over the Internet.
Already, the FBI estimates an annual loss of $7.5 billion as a result of electronic attack. One survey revealed that the US Department of Defence discovered 88 per cent of their computers are penetrable. In 96 per cent of the cases where hackers got in, their intrusions went undetected, according to the report.
In one celebrated case last year a Russian computer hacker successfully breached a large number of a major bank's corporate accounts, stole $400,000, and illegally transferred another $11.6 million.
In 1994, the US Secret Service uncovered a $50 billion telephone card scam in which many accounts of AT&T, MCI and Sprint cardholders were regularly abused.
Bank of Ireland said it was convinced that its Shop Ireland project would be secure for customers. The system would use high speed telephone lines and firewalls to protect the information in the base, while customers will use a special computer programme called SSL to send financial information, said Mr Paddy Byrne, head of payments and electronic banking services.
The programme encrypts credit card numbers and sends them in separate batches, he continued.
"There have been cases of people breaking through the SSL 40 bit encryption. But let me put it like this - there are easier ways to get credit card numbers," Mr Byrne added.