February 14, 2011
What would be the impact if your data ended up in the wrong hands, with a person or organization able to actually do something with the information on your systems? What would they do? Could they profit from it? What would happen to you? Your customers? Your image?
The initial breach itself typically has a minimal impact. Most would think that the interruption would be the biggest issue. The fact is that the goal is not to interrupt, and not to alert you that something has happened or is happening. After the data has been taken, the intruder will likely “hang out” and see what else they can do. Once the data has been sold or exhausted for its value, that is when phase two occurs.
This is when the sale of the data takes place. I recall a small credit union calling us one day because several of their clients were coming into their offices and claiming that money was taken from their accounts. There was a flood of people coming in! This still wasn’t the most costly phase!
The intruder will then start to use your systems to try to break into other systems, host spam engines, host images like pornography and carry out other activities that cause havoc and interruptions. This still is not the worst part! Once the dust has settled and your network is put back together, you might not even know that your data was taken, because it wasn’t! That is correct: they didn’t take the data, they took a copy, so you don’t even know until the next phase.
The last phase is when your clients leave because they don’t trust your system. This is typical of the high-profile clients that have to deal with compliance and regulations and just can’t continue to operate their business with your organization as their vendor. Yes, the high-profile clients probably represent the top 20% of your client base and probably 80% of your revenue.
We have witnessed this with small businesses here locally, and certainly we have all heard of the high-profile large companies that have been compromised and been through all four phases. Some have suffered repeats of the same because they still didn’t take the appropriate and necessary actions. It is even worse when the intruder doesn’t leave a copy and actually destroys or deletes the data, and the business then discovers that their data hasn’t been backing up even though they thought it was.
What would happen if you lost 80% of your revenue and had the reputation of having an insecure system?
February 10, 2011
Seems that every time I want to go someplace with my kids they have their electronics in hand. They are always “plugged in” and playing something. The computer, the iPad, the Xbox and so on. Seems like this has to be affecting them long-term in some way. I once heard a speaker say that because kids are always winning at their games they get more frustrated when they don’t win in real life because of that expectation and constant gratification of winning. In fact in a game they are always winning… like hundreds of little wins as they go through the game. Makes sense to me. In fact when my kids get hung up in a game and can’t get through a small part of it they get very frustrated and sometimes very verbal.
I have often thought that as time passes and this next generation of gamers enters the work force, how are employers going to have to change to adapt to them? Are there going to be game rooms? Are we going to constantly have to praise their good work lots of little times or they will get frustrated and give up? Will we give reviews electronically or notify them that they got a raise on their Facebook page? What will their expectations be when it comes to the technology we provide them to do their work? Will they demand that they use their own technology?
I’m not sure what these answers are but I’m sure the future gamers will end up being very different employees from the ones we have today.
I challenge you to unplug yourself and your kids from electronics for periods of time. Start with an evening, then try for a full day and see what happens. I recall Hurricane Isabel taking our power out for around 8 days. We did camp fires every night and spent a lot of time together with the TV and other electronic distractions off. I remember it was a lot of fun and wonder if doing this regularly will impact my children and their dependency on technology long term.
February 9, 2011
Chances are you are not only connected to your business network but also to other unknown or malicious networks run by highly sophisticated cyber criminals. Let me explain…
You are aware of your local network. It consists of servers, printers, other systems and even devices like PDAs. Then there are peer-to-peer file sharing networks, or P2P networks. These are networks that consist of subscribers to services like Napster, Kazaa and Gnutella, where users can share files like music, images and video. The threat with being associated with these networks is that you are giving other anonymous users access to your system, and with little effort they can access other files that contain your financial information or office documents. This is a growing concern for business leaders whose users use their corporate systems for these purposes.
Then there is the botnet. A robot network is where an agent (a software program) is installed on your system and makes you part of a network. One of the most popular and recent bots is the Conficker worm, said to have made its way onto over 7 million government, business and home systems. Most of these networks are run by cyber crime syndicates like the Russian Business Network, Shadow Crew and the Gray Pigeons.
Albert Gonzalez, one of the captains of Shadow Crew, was responsible for the largest security breaches, including companies like 7-Eleven Inc., New England grocery store chain Hannaford, and payment card processor Heartland Payment Systems.
Have your systems checked, and checked often, to make sure you aren’t sharing information you would rather not share. The other threat is that these other networks use your system resources to spread spam and host images, just to name a few.
Here is an interesting story about a company that was breached as a result of a user having a P2P application installed on one of its systems. Below is a video that YOU MUST WATCH that illustrates how your children can expose all kinds of information that is stored on your system.
Information Week Article
February 1, 2011
There are five steps to creating a good security plan: assess, plan, execute, monitor and repeat.
- Risk Assessment. Identify key digital assets and information that need to be protected, including hardware, software, documentation and data. Review the threats and risks. Make a prioritized list of items to protect.
- Plan. Create a work plan for preventing, detecting and responding to security threats. Identify who will be responsible for implementing and monitoring the plan. Agree on a timetable for implementation.
- Execute. Communicate with staff. Train where necessary. Remediate until all known threats are mitigated.
- Monitor. Continue to monitor for new threats and follow up with prompt remediation. Build a mindset that security is a discipline and build this mindset into your culture. Software tools alone can’t secure your data. Continue to educate end users and those that have access to the data. Update and modify the plan as changes occur in personnel, hardware or software.
- Repeat. Plan for a complete review periodically. Consider assessing quarterly, but not longer than a time frame of six to twelve months after you complete the first plan, or when your business goes through significant changes.
Commit to the program and don’t wait until an incident disrupts your business. It isn’t the breach that will really cost you; it is the tarnished image that businesses get following the breach that is the most costly. Statistics show that customers, typically the high-profile ones, will abandon a company or system if they feel uncomfortable with the security of it.
Here is a great example.
January 28, 2011
Among the new tax breaks is one regarding Section 179 that focuses on IT spending. Chandler Kinsey of Ryan Capital helped me get a better understanding of just what the benefits are for business owners. He writes…
Randy – In easier terms, the Section 179 is a write off for small businesses who make IT or any capital purchases up to 500K. The business owner can place equipment for their business and deduct the entire expense in one year. They can then use the lease to cash flow the purchase rather than pay cash.
Here are the bullet points:
1) For the business owner, Section 179 is now a 500K deduction limit for capital purchases. This is a very robust deduction for small business.
2) The Bonus Depreciation is above and beyond the Section 179 for more capital intensive companies as they evaluate their IT spending requirements.
3) The customer can lease/finance and conserve cash flow while taking advantage of this deduction. This may encourage new hires or increases in inventory for increased demand.