It’s 2012. Do you know where your data is, who has access to it and what they are doing with it?
These are 3 fundamental questions that every organization should ask, because most people can’t answer all of them. You know you have data in databases. Most financial and customer data sits there and is hopefully protected by encryption. If you aren’t sure, you better check. But a lot of that data makes its way into spreadsheets, customer proposals, quotes, reports and numerous other documents. Do you know where all of them are and who is accessing them?
Data breaches seem to be in the headlines almost every day. Just do a Google search on “data breach” and you will get more than 29 million hits. Do a search on News stories in the last month and you will get over 2400. Here are a few interesting stats from 2011 according to the Verizon 2012 Data Breach Investigations Report. The report reviewed 855 confirmed security breaches that affected 174 million compromised records in 36 countries. This is the largest number of breaches ever reported. In all likelihood there were probably more that went unreported or discovered.
Read the rest of this entry »
That almost sounds like the title to a bad movie, almost. In reality it’s a real problem today, since most of the important information inside any business is digital information. In the past, if you wanted to keep your secrets safe, you locked your filing cabinets or stored paper documents in a safe. Today, information is all over the place and in many forms. Someone leaving your company could walk out the door with the keys to the kingdom.
Much of our important information is either sitting in databases or documents. These may be on premise or in the cloud. Most of us think that if it’s in a database, we have it secured, but a lot of people run reports that export the data into regular spreadsheets or word processing documents.
But it’s not just what we think of as traditional documents. It’s also in presentations, videos, photographs, image and audio files. Just think about how damaging the tapes of conversations from the Nixon White House were during the Watergate scandal. It’s also email messages in your inbox and on email servers. Voicemails on your cellphone. Or it could be source code to your software product.
Read the rest of this entry »
Ah, the poor password. We love it. We hate it. It’s the most maligned thing in our daily lives. Whether you are at work, home or on the road, you use multiple passwords a day. It’s the most common way we have to provide secure access to computers and applications.
Because we have so many passwords and we have to remember them, most of us are still in the bad habit of creating ones that are easy to guess. This happens for personal and business accounts. It’s one of the reasons that important systems are hacked.
Read the rest of this entry »
The last few weeks have been very busy for hackers. On April 8, 2012, a group claiming affiliation with Anonymous says it hacked emails of the Tunisian prime minister. On March 30, 2012, hackers compromised about 25,000 social security numbers at the Utah Department of Health.
The biggest headlines were from the Global Payments data breach where information about 1.5 million credit cards were stolen. The hackers got card numbers and Track 2 data, but not names, addresses or social security numbers. Fortunately the Card Verification Value (CVV2) or Card Verification Code (CVC2) is not encoded in the magnetic strip where the Track 2 data is stored. This card security code (CSC) is the three- or four-digit value printed on the card or signature strip. When you conduct an online or phone transaction with your credit card that’s the code the merchants ask for. That makes sure you have the physical card.
Read the rest of this entry »
Whether your data is sitting in your data center on a server or in a service provider’s data center in the cloud, making sure it’s safe is critical to your business surviving. I’m not talking about public information, like your marketing brochures or press releases, but about sensitive and confidential information.
Some people believe that your data is safe if it’s inside your own datacenter. You have firewalls, intrusion detection systems, anti-virus and a host of perimeter defenses. Yet, in the last few months alone, companies have had hundreds of thousands of records stolen from servers sitting in so-called protected environments.
Manwin Holding SARL had 350,000 personal records exposed because they were sitting in an unused forum in plain text. YouPorn had 1.4 million email addresses, passwords and dates of birth sitting in a plain text debug file on a publically accessible website. Last year Sony had millions of records compromised by sloppy security practices on its popular gaming sites.
Read the rest of this entry »
