Saturday, October 1, 2011

Security - A Serious Business - floating-point

During the course of our day, each of us uses technology in a variety of ways.

We research.

We communicate.

We buy things, and we sell things.

The great race from brick and mortar to virtual shopping has given rise to a staggering number of opportunities.

Setting up shop online has allowed businesses to reduce costs for office space, warehouse space, and staff. It's also easier to let your customers know about products, promotions and special events in our highly connected world.

However, there is a dark side to the rapid rise of ecommerce. The rise in cybercrime has been equally rapid, if not more so.

How serious is the problem?

Why should you be concerned?

What can be done to protect your online investment?

These questions, and many more, are debated by security analysts, scholars, and business people very much like you.

Internet security is something more than keeping your software up to date, virus and malware scanning, and changing your password regularly, especially if you operate a website!

I won't proclaim myself an expert in matters of internet security out of respect for those who are dedicated to the depth and complexity of the field. I will, as an interested and invested party, share some of my thoughts with you in the hope that you will find something of use in this article.

First, the obvious question is how serious is the problem of lax internet security for business?

In 2011, Symantec released the Norton Cybercrime Report which places the value of cybercrime at $388 billion, or "100 times the annual expenditure of UNICEF" and "approaching the value of all global drug trafficking." This value is derived not just from the monetary losses directly associated with cybercrime ($114 billion), but also the lost time attributed to cybercrime ($274 billion).

HP, a well-known maker of personal computers and peripherals and an IT service provider, has also published research showing that cybercrime has risen 56%, with a cost per organization ranging from $1.5 million to $36.5 million.

If we put aside the possible ulterior motives security providers like Symantec and HP might have to inflate the costs of cybercrime, and acknowledge that not all cybercrime is directly related to ecommerce activities, it was still a busy year in electronic security. Some big names suffered from unprecedented breaches. Sony, Lockheed Martin, and Google made the news with high publicity security compromises.

Sony certainly made the news with its Playstation Network and Qriocity services, its Sony Entertainment Online Entertainment and Sony Pictures account information all falling to malicious hackers. Personal information, including names, addresses, usernames, passwords, credit card and banking details, was amongst the information disclosed.

Can you imagine what might happen if you found yourself dealing with a violation of your own network security?

How would you recover from the damage to your reputation, the loss of customer faith, and the legal repercussions?

You might not believe your business is big enough to be a target.

You would be wrong.

The US Secret Service, FBI and Department of Homeland Security recently expressed a need for small businesses to change their approach to security.

It's true that you might not become the target of a large contingent of hackers out to humiliate or to make an example of your business. With widespread automated attacks seeking weak security setups, you don't have to be big enough to be noticed.

Like an open door, weak security setups remain a danger because they represent a very real and constant threat.

Even a breach of customer information without exposing financial details is a serious concern.

Personal information belonging to customers of email marketer Epsilon (representing TiVo, Capital One, Verizon, Best Buy, Air Miles, and many others), NATO, eHarmony Advice and McDonald's was obtained, with a clearly detrimental effect.

Even hacks where no data changes hands can harm a company's reputation. For example, a hack of the Sears website might have amused Jonathan Swift, but it certainly mortified at least one Sears customer service representative.

Worse still, your internet services could be used to serve malware, route SPAM or worse. It happened to the BBC, CBS, MySQL (Oracle) and the US Treasury.

By now, I'm certain you recognize that security is an important concern and it's worth the effort to have an organized security strategy.

What steps can you take to avoid becoming a victim of electronic crime?

  • Create a security plan:
    Include infrastructure setup and maintenance, staff training, and response protocols. Follow documented best practices from reputable sources.
  • Practice security in depth:
    Limit access to confidential information, encrypt sensitive material, and monitor/audit your systems regularly.
  • Stay up to date:
    Keep your systems and software up to date. If you haven't updated in the last 6 months, chances are an update is available.
  • Investigate and act on unusual behaviour:
    Never let unusual behaviour pass unexamined. A minor security breach can become a major breach given time.
  • Educate your customers:
    Let them know your policies for data retention and use, advocate they use strong passwords and monitor their accounts.
  • Capture only the information you need:
    The Model Code for the Protection of Personal Information states "The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization." Don't collect information in the hope you will find a use for it.
  • Don't implement an incomplete solution:
    The site may look great and fulfill its functional goals, but if it's not safe to deploy then wait until you can make it safe.
  • Keep highly sensitive material offline:
    Resist the urge to make everything available via the web; some material should remain for internal use only.
  • Deal with any security issues immediately:
    Maintain control of the situation by acting, rather than reacting. It is accepted that the longer you wait, the more costly a security issue becomes.

In the end, good security will cost time, effort and money, but it's worth it for your peace of mind and the continued success of your business.

Join Floating-Point and take part in National Cyber Security Awareness Month this October, but remember that security is a year-round concern.

To discuss your security initiatives with Floating-Point, contact us and we will be glad to help!



Stay secure!
Matthew

lead developer
floating-point

Source: http://www.floating-point.com/index.php/2011/09/30/security-a-serious-business/
