Get a Security Health Check, or the AUTOPSY Is Free

If you think financial losses incurred from computer hacking and data theft are insignificant and exaggerated, you are advised to review the article at the link below and get a Security Health Check NOW!

http://articles.moneycentral.msn.com/Banking/FinancialPrivacy/HowSafeIsYourFinancialInformation.aspx

Security in the Information Technology Age is more vital than it has been at any time in the entire history of banking. The “vault” was the safe storage facility for banking, and the only way in was through the “vault door.” Although you needed keys and the lock combination (or dynamite), there was only ONE WAY IN! Not so with the sensitive data maintained on today’s computers; even small businesses can have valuable data that can be sold or used in detrimental ways across a broad spectrum of activity. These tragic events can go days, months, or longer before they are detected, if ever! How many virtual doors do you have? Let’s take a look:

 

  • Firewall: How many ports are open and not monitored?
  • Firewall: How many ports are open and never managed?
  • Do you allow employees to use IM?
  • No Intrusion Detection Services (IDS)?
  • Virus Software out of date?
  • Security patches up to date?
  • Where is your off-site storage for your backups? A purse, car, briefcase?

Even with the best of security measures, and the big steel vault, a great many bank robberies have been successful from the INSIDE: someone with the credentials to bypass these measures goes unchecked because they appear to be performing their duties. Remember, your security procedures must apply to all facets of access (internal and external), and they must be constantly reviewed and updated as the situation changes.

If you do not have up-to-date security measures, then you should have a GREAT ATTORNEY!

If you are using a WIRELESS access point that is UNSECURED, you can multiply your risk level exponentially! Consider the points below:

  • An unsecured wireless access point can allow a criminal to access the Internet from your parking lot.  Because the wireless access point belongs to your business, any illegal activity performed by that person is traced back to you.  Now your business is liable for damages caused by a nameless computer criminal who has already driven to the next town.
  • Even if someone doesn't intend to cause harm, they may.  A computer connected to your unsecured wireless access point can bring computer viruses into your network or overload your connection, incurring significant costs in repairs and lost work.  More than one small business has been driven to bankruptcy by damages from unknown computers connected to their network.
  • More information can be found at: http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci904547,00.html

If you allow a VPN connection that is not encrypted, you may be broadcasting a “DATA AUCTION” over the internet!  

If you accept credit card payments over the internet by email, or in any other form that is passed as an email attachment, you are susceptible to theft of the data!

With all the appliances and software on the market that claim to offer protection, rarely is a single method 100% effective. Determined hackers are constantly finding ways to maneuver around appliance firewalls and other protective devices, some finding their way inside your firewall and then opening up ports (from the inside) that allow them to distribute spam from your servers, store illegal materials on your hard drives, or sell access to your data! This often goes UNDETECTED until your servers all but shut down or, WORSE, law enforcement knocks at your door or you become party to a lawsuit naming you as a defendant!

You should never assume that proper security measures are in effect, even if you have an established protocol to maintain your systems. Remember, security and operating system patches and updates take time and eat up resources on the servers and workstations; due to the demand of “keeping the business running”, these all-too-important tasks can be delayed again and again and may never get done, because the more catching up is needed, the more time and resources are required from the system!

Your best approach is to routinely have your system checked by an outside third party that will be “objective” in nature, following a standard scope and protocol that will keep you abreast of current vulnerabilities and threats. The provider of these services should also provide a written report of the findings, the level of the threat, and the recommendations to correct the vulnerabilities. Once these are known, you can correct them internally or contract for the service provider to implement the corrective action; with the latter, you can be sure it is done, as they want to have a continuing business relationship with you.

 

Some proven methods to reduce your risk and exposure are discussed below:

 

  • Good physical security of servers, routers, firewalls, etc. Limit and control access to these facilities.
  • An enforced data backup system: live it, practice it, JUST DO IT. Does it work? You won’t know unless you routinely restore the data and test it! A good time for this drill is after an upgrade of hardware/software.
  • Limit access to your data from outside sources such as guest log-ins.
  • If you have a wireless access point use a secured protocol and change as often as you feel the need; one reason to change is a high turnover of employees or users. REMEMBER, even if your data is not hacked, a crime can be committed due to someone gaining access to your wireless connection point!
  • Force secure passwords. Microsoft has a setting that forces the user to use extended formats such as 6 or more characters that must use at least one number and one symbol. The server can also force users to routinely change passwords per your protocol.
  • A firewall, if managed properly, can enhance your security level for internet traffic.
  • Intrusion Detection Services (proactive recommended) can counteract hacking attempts, log data, and provide a history of attempted intrusions. This is an integral part of a sound security plan.
  • Vulnerability Access Management. Proactive scanning of devices and connection points to detect weaknesses. This is an integral part of a sound security plan.
  • Anti-Virus Software that proactively scans not only your mail server and data storage devices, but also all users in your domain. Viruses, Trojans, and the like often infiltrate your system to open up a vulnerable access point from the INSIDE; such activities appear within the normal operating protocol as the action is initiated from the INSIDE of your network. The criminal can access your system without any alarms or notifications of intrusion! (Barracuda is a great appliance that functions in addition to your virus software.)
  • Spam. Although this can be more of a nuisance, it should be dealt with head on! Barracuda offers an excellent appliance for this purpose.
  • Software and operating system patches and security updates MUST be maintained and always up to date to add the required layer of protection. Although this work is time consuming and a resource hog, it is imperative that these elements be addressed.
  • Do you have employees writing code (programs)? If so, you should force them to take vacations and all allotted time off, as this will provide an opportunity for others to work with their code, appraise it, validate it, and review it objectively. A programmer refusing to take time off does not indicate dishonesty, but may indicate that they are unsure about the quality or functionality of their code. If you have contractors writing code, you should establish an internal review committee, composed of your employees, to routinely appraise the quality and functionality of the code to ensure compliance with sound practices and security measures.
  • Routinely contract an outside firm to review your security measures. This is a form of “inexpensive insurance” and an added level of checks and balances for your IT Infrastructure.

Your attitude toward security will rub off on those that are charged with the enforcement of your policies and protocols; make it happen!

Business Information Group, Inc. offers Security Health Check for Small/Medium sized businesses for as low as $600.00, which includes a written report and advice for implementing corrective action. We can also implement the corrective action and develop a scope that will enable you to establish a sound security policy.

 

For more information please contact us at 865-686-5341 or toll free at 888-875-4704.

Business Information Group, Inc.
6100 Lonas Drive
Knoxville, TN  37909
(865) 686-5341
Fax: (865) 212-9926
www.gobiginc.com  

© 2007   Business Information Group, Inc.