The business equivalent to the personal-security sin of using the word “PASSWORD” as your password: Not collecting and reviewing the data from all your system logs. Chances are you're not doing that. And you should feel guilty about it. But you can take some comfort in knowing you’re not alone.

“Relatively few do it,” says Sherri Davidoff, co-author of the startlingly well-written new book Network Forensics: Tracking Hackers Through Cyberspace. “Mostly it’s companies in the financial sector which are at risk of losing money directly from being attacked.”

The truth is most companies don’t know when they’ve been hacked. That’s not just Davidoff’s opinion. I’ve been told the same thing by folks in the security industry and in law enforcement. One agent from the FBI said he stopped counting the number of times he told IT execs about attacks that they knew nothing about.

Why does this happen? Companies don’t regularly review their event logs to see what’s going on in their own systems.

It astounds me that checking event logs is so uncommon. It's kind of like checking to make sure you didn’t leave the key in your door lock, folks. You're probably wagging your head in disbelief, too, because no CIO.com reader could be that clueless...could they?

Just in case you decide to pass this post along to someone who works at one of those other companies, I will explain why event logs matter:

- They contain lots of info directly relating to your network, like DHCP lease histories and/or network stats.
- They include records of network activity including remote login histories.
- Because they have been transmitted over your network they create network activity.

If you want to find anomalies or unauthorized/unexpected users, the information is all there in event logs.

What is even more baffling about the fact that these logs so frequently go unreviewed is that companies don't have to check logs manually. They don’t have to sort through all the different log formats to figure this stuff out. There are a lot of programs that will do all of this. All you have to do is read the report.

“You want to make sure you’re not the lowest fruit on the tree; that you’re not the most vulnerable,” says Davidoff. “Fortunately or unfortunately, that’s not that hard to do.”

PS: I read a lot of computer-related books. In most cases I would rather try to read machine code. That is why I have to point out that Network Forensics is actually well-written. It is a textbook that you can read and really learn things from. You probably went to college, so I don’t have to tell you how rare that is.