In the end, Jarrard was one of the lucky ones, relatively speaking. Apart from a couple of weeks of lost time and productivity, his company's assets were unaffected. But not all companies escape hack attacks so unscathed. Even as security practices in medium and large corporations are tightened and as firewalls become ubiquitous on corporate servers, new holes are opening up all the time. The biggest culprits: telecommuters and mobile workers."The security picture is getting worse for two reasons," notes Mike Paxton, senior analyst with Cahners In-Stat Group Inc., in Scottsdale, Ariz. "First, there are more telecommuters every day. Second, they're increasingly employing DSL or cable modems, which are vastly more susceptible to being hacked than dial-in connections. The risks are tremendous." Mobile motivations The U.S. Department of Labor estimates that fully 34% of the U.S. workforce is mobile, meaning they work at least part time outside the office. Those roughly 60 million workers routinely carry around vital corporate data, often in nearly unprotected fashion. In addition, those who employ high-speed "always on" connections like DSL or cable modems generally have a static IP address, making them vulnerable to hackers, who sniff out such addresses and then target them for attack. Thanks to several well-publicized, large-scale hacking jobs, such as the distributed denial of service (DoS) attack that temporarily crippled sites including eBay and Yahoo! in March 2000 and epidemics of viruses like May 2000's "ILOVEYOU" bug, security issues are now top priority for many corporate IT professionals. That concern is sparking a boom in the security services and tools market, according to Abner Germanow, research manager for Internet security at International Data Corp. (IDC), in Framingham, Mass. IDC forecasts the firewall appliance market alone is expected to grow to $1.4 billion by 2005, from $306 million in 2000. The portion of that market encompassing personal firewalls, the tool of choice for telecommuters, "virtually didn't exist six months ago," Germanow says. These tools, which in general work by alerting users to unauthorized attempts to access the computer and its programs, soon will be "a given" on all PCs not protected by a corporate firewall, he says. But handing your telecommuters a piece of firewall software isn't nearly enough, warn security experts. "It's far too easy for the average user to misinstall or misconfigure software," says Laura Taylor, research director of security at TechnologyEvaluation.Com Corp., an IT research firm in Woburn, Mass. "You really must have someone trained in security issues get the telecommuter up and running." In addition, Taylor says, corporate IT must be aware that good security is a multilayered, multiproduct process. Besides firewall software, everyone outside the organization's walls should be equipped with anti-virus software, and someone in the IT department must be charged with making sure the never-ending stream of updates are passed along to users, experts say. Also, industry observers say a stringent authentication system should be in place to prevent hackers from "eavesdropping" on log-in procedures and stealing passwords to the corporate network. Finally, Taylor also recommends installing a messaging security program, such as New York-based Lexias Inc.'s LexiGuard messaging encryption software. LexiGuard is a public key infrastructure (PKI) program that uses two keys--a public one that encrypts messages and another that decrypts them. In order to exchange messages, both the sender and receiver need the software installed. Recent converts R. Gordon Parker, for one, has become a staunch advocate of strong and well laid-out security practices. Parker is president of Dynamic Solutions Group (DSG), an IT consulting and services group in Edmonton, Alberta. Like a growing number of companies these days, DSG is pervasively decentralized; in essence, all employees are telecommuters. It's one of Parker's jobs to ensure the data bouncing between his 115 widely dispersed associates remains secure. Parker will vouch for the need for a multilayered approach to security. In the spring of 1999, an associate from Europe inadvertently forwarded the "PrettyPark" worm to him via e-mail. The worm was designed to infiltrate a hard drive and release confidential information such as dial-up passwords and system information. Further, it compromised companies' security settings by allowing the remote receipt, creation, deletion, and execution of files. Because the worm was a new one, Parker's anti-virus software wasn't equipped to detect and reject it. The worm was programmed to attach itself to all applications on the victim's computer that are capable of accessing the Internet, thus insidiously finding a way to replicate itself. Parker's computer would have been turned into a launch pad for the worm.