IT Security Audits are no longer just for large corporations

Most likely, you’re already familiar with the various forms a security breach can take: hacking, phishing, viruses, spyware, worms, rootkits, and more. We’ve also talked about how to protect yourself from such threats.

But when it comes to IT security (and that includes your own personal identity theft), the most important question is “What is the downside risk of experiencing a security breach?”

Security breaches can have an effect at many levels, from a mere annoyance all the way through taking down your entire company and losing confidential data, data that may belong to you or, worse yet, to others. In addition, a breach can bring on lawsuits from other companies and individuals, as well as from regulatory agencies. That’s right. No one is immune. That’s why risk assessment is such an important tool.

The news media is littered with headlines about security breaches, such as the LinkedIn hack that we reported to you only weeks ago. One user is already suing LinkedIn for $5M. And that’s just one user; imagine if they are successful and a class action lawsuit develops from there. How about Sony’s PlayStation hack? Or Massachusetts Hospital, Aetna, TD Ameritrade, Heartland Data, Verisign, University of Hawaii... the list goes on and on, including small companies you have probably never heard of.

You may think, “What’s this got to do with me? I’m just a small fry, not a big corporation like them.” Unfortunately, it has far too much to do with you. There are two main differences between a big corporation and your small company:

First, large corporations have probably paid close attention to security and made all reasonable efforts to protect themselves. This goes a long way toward showing that “they did the right thing”. Doing nothing (or playing “ostrich”), on the other hand, is often deemed negligence, and negligence leaves you far more exposed to damages. Many years ago, “I didn’t know” may have gotten you into less trouble, but today everyone is expected to “know better” and take the proper precautions.

Second, most large companies can afford the multi-million dollar settlements and/or fines levied against them, and will likely recover their reputation. But could your company survive paying a large award or fine, or the loss of its reputation? A third-party review is a small price to pay considering the damage a security breach can do to your firm.

We firmly believe the old adage: an ounce of prevention is worth a pound of cure. Or in this case, a few thousand dollars of third-party audit is worth millions in damages. A recent example of how a small company protected itself can be found on our website [http://www.theciosource.com/cio_cs_bcp.html]. Remember, the person, department or company that maintains your security should not be the one to audit it; whoever built the controls has every incentive to overlook their own gaps. And please, Don’t confuse Good Luck with Good Planning ™

Security: You Are The Weakest Link

In our last issue, “Scary and Little Known Facts about Viruses”, we covered some aspects of these insidious pieces of malware. In this issue, we’ll address another important topic related to your security (or in some cases, the lack thereof).

With the multitude of software and technology improvements we see, you’d think we would no longer need to be concerned about security. Unfortunately, the hackers keep improving their game just a bit faster than protection can keep up. But do you know what the weakest link in your computer security is?

The human factor. That’s right, people. Not computer hardware or software (although those are designed by people, too!)

For starters, let’s look at how companies sell and package security software. While most products have great potential, the designers often default all settings to “medium” protection. These “medium” settings are generally a tradeoff between being safe and having good performance. If you set security to its fullest protection, it often slows your system down (and thus makes the manufacturer “look bad”).

But if you’re not fully protected, what’s the use of a little more speed? Suppose the manufacturer of your car made it go faster, but made the brakes less reliable and maybe even skimped on the seat belts and airbags. Would you buy it? Of course not! Then why treat your IT function the same way?

Second, many of the people who install these security products are either “in a rush” or unaware of the more stringent settings, so they perpetuate this delivery of “medium” protection.

Let’s stop the cycle of inadequate protection. Go through each setting, turn it up to “maximum security”, confirm that the things you rely on still work, and keep yourself safe. An ounce of prevention is worth a heck of a lot more than a pound of cure.

More to come on the “human factor” in future articles.

PS – just because you may not have experienced the wrath of malware doesn’t necessarily mean that you’re protected. Don’t confuse Good Luck with Good Planning ™!