Archive for the 'Security Training' Category

20 Dec 11

Proactive Network Security

If Representative Ron Paul were in charge of your network security, he would tell you not to put in a firewall or buy any software.  After all, if we don’t mess with them, they won’t mess with us.

Don’t take this passive approach to network security.  Proactivity is the only way to defend a network.  You must be able to detect and respond to any threat.  Passivity is the guaranteed way to lose data.

12 Dec 11

Considerations When Moving to Cloud

WatchGuard recently unveiled their top security predictions for 2012.  This list has been pretty accurate over the years.  One of them that jumped off the page to me was this: A major cloud provider will suffer a significant security breach.  Cloud computing brings chance of malware-storms.

This echoes one of the items I teach on in our Security Practice class.  There is an increased “blindness” when companies move data and servers to the cloud.  Companies have little or no control over these servers, so your security is 100% dependent on someone else’s security practice.

Don’t confuse cloud companies with being technical companies.  They are sales-based organizations.  While a lot of the services are now and will continue to be secure, there is a rapid adoption of new businesses popping up without proper testing.

If you are looking to move your data to the cloud make sure you do your due diligence and properly vet these service providers.  And never give up the keys to your company without having complete access to control who has access.  Doing so blindly is playing with fire.

05 Dec 11

Where are all your eggs stored?

In my experience very few executives, whether IT or otherwise, know where all their data is stored.  I do not mean this to sound insulting or judgmental.  The reason executives don’t know is that this information is rarely properly documented.  This is a scary thing.  We recently have been involved with a few clients in “getting control” of their IT assets after some turnovers and it is very costly.  Wrangling all of this in is always a challenging and time-consuming task.

My advice to any executive who is responsible for IT or other digital assets is to take time to understand all of the areas where your data resides and make sure that the data is protected and backed up.  There is nothing worse than not knowing something when you are thrown into a situation where you have to know.  These situations could be from employee turnover to employee termination.  Getting access ahead of time is basic continuity planning and needs to be the top priority for any organization.

08 Nov 11

Security Projects – Why They Never get Approved

I watched this video a couple weeks ago and immediately shared it with my team.  I think this is a fantastic explanation for why people do or do not do something.  I think this fits in perfectly with what I have been talking about lately, why IT people don’t get security projects approved.  Take a look and I would love to hear your feedback.

http://www.ted.com/talks/lang/eng/simon_sinek_how_great_leaders_inspire_action.html

25 Oct 11

International Considerations

Pakistan will begin enforcing a ban on VPN traffic. The Pakistan Telecommunications Authority delivered a memo to Internet providers asking them to block encrypted VPN traffic, unless permission is obtained.

The concern is that terrorists will try and hide communications. The reality is, in my opinion, they want to snoop on all traffic. I believe this is the same country that was mad at the USA for killing Bin Laden. Are we to believe that now they are interested in only stopping terrorists?

I believe that companies that operate in the Middle East and Asia Pacific regions will have these obstacles continuously added. Proper planning for a dynamically changing remote access solution will be necessary to continue to compete. Products, policies, and procedures will need to be continuously reevaluated in this climate.

11 Oct 11

Let’s Talk Phishing

Phishing is one of the most dangerous scams on the internet today.  That is not news to anyone who even casually reads news.  When a phishing attack occurs the purpose is to gain access to critical data by attempting to coerce users into disclosing it.  An even more egregious attack is spear-phishing.  That is when an attack is personal to your employees.

When companies test their security they rarely test for phishing success.  Yet it is extremely relevant.  Not testing for phishing success is really just waiting to get your data stolen. 

Your employees don’t know how to react unless you train them.  You can’t train them until you know where you are weakest.

We offer this as a service to our clients, because no one test or assessment makes you secure.  It is only through several tests that you can really know where your security stands.

10 Oct 11

Communication is Key

The number one thing to make companies more secure is often overlooked.  It isn’t the firewall, the anti-virus, the email filter, or even the 2FA process.  It is communication.

For example, you encrypt a hard drive.  That is a great thing to do… Then an employee tapes the password to the keyboard because it is too complicated to remember.

If the risks and the process are never properly communicated to employees, all the devices in the world will not make you 100% secure.

Join me in Charleston on October 13, 2011 for a one-day training class on how to make security a part of your organization. http://www.xtmtraining.com/trainingform.php

05 Oct 11

Testing for Success

How do you know the smoke detectors in your house work?  Do you assume they work or have you tested them?

How do you know the brakes on your car work?

I believe that if companies spent a small portion of their current IT budget simply testing their security they would have a better handle on their position and what they need to do next year.  Without testing the security, or lack of security, I really don’t understand how they can plan for 2012.

Basing budgets and projects off of instinct and not hard facts is never a good plan.

04 Oct 11

Phishing Attacks

Most companies do not test for user reactions to a phishing scam.  This is a mistake.  Not knowing how a user will react to a phishing attack leaves your company vulnerable.

We offer phishing tests to help our clients protect their assets.  Don’t wait for an attack to occur.  Test for it so we can train your team properly.

29 Sep 11

Security Practices Class

Our Security Practices class in Charlotte starts Thursday afternoon.  This day-and-a-half event will kick your butt on security and provide you with the security blueprint you need to plan 2012.  Don’t miss this high-impact, high-energy event.  Only 3 spots remain.

http://www.xtmtraining.com/trainingform.php



