The fact of the matter is that, at some point, you will suffer a security breach; you may even have a breach right now. Forrester predicts that in 2015, at least 60% of enterprises will discover a breach of sensitive data. Most breaches are not even discovered by the breached party. Inadequate incident response leads to financial, operational, and reputational losses.
So what do you do to protect yourself and/or recover? You must create a plan around the privacy, security and compliance of Social, Mobile, Analytics and Cloud (SMAC).
That means you must establish an ongoing incident management program. An incident response plan, like a business continuity or an IT disaster recovery plan, is your immediate response to a specific threat. To be effective, that plan has to sit inside an ongoing incident management program that lets you identify the potential risks so that you can create appropriate response plans, test those plans, and keep them current. The plan should cover the privacy, security, and compliance of SMAC.
Companies and institutions should learn quickly, perform a gap analysis across all platforms and policies, bridge those gaps, and adopt a solid policy and practice around "SMAC". Feel free to join us in Cleveland or Columbus, Ohio on June 10th or 11th, 2015 to help your team launch into this mission-critical activity quickly and effectively.
Please see the link below for free registration information on the upcoming Cleveland and Columbus Lunch and Learns.
Attend events, seminars, and classes like this national expert panel and bring critical nuggets from the IT, legal, security, and compliance community back to your teams today.
Remove the Notion of Cloud Security as an Obstacle to Cloud Adoption
Organizations have traditionally kept their IT infrastructures in-house. This allows them the confidence of knowing they own their equipment and have control over the security of their data and infrastructure. This infrastructure, however, can be quite expensive and inflexible when it comes to increasing or decreasing demand and keeping the hardware and software up to date. To combat these issues, organizations are turning toward shared infrastructures with a pay-as-you-go model.
One of the largest concerns businesses have faced is the security of this shared infrastructure environment. Many traditional IT teams believe they are giving up security for flexibility and cost savings, subscribing to the theory that these shared infrastructure or Infrastructure as a Service (IaaS) environments cannot possibly be as secure as the traditional in-house setup. These concerns can be mitigated with the use of proper technology, controls, policies, and procedures. These technologies include Role Based Access Control (RBAC), Multifactor Authentication (MFA), and data encryption both at rest and in transit. Using these and other technologies that are currently available, IaaS cloud computing environments can be effectively secured to protect data, applications, and infrastructure.
Many organizations are required to prove information security compliance to auditors. Companies in regulated industries, such as financial services, retail, healthcare, government, and energy, must dedicate significant time and resources to proving compliance. Due to the increasing prevalence of cyber attacks and a number of high profile data breaches, compliance requirements become more demanding every year.
Fortunately, effective cloud and mobile technology security solutions can help companies reduce costs and complexity, reduce the compliance burden and, most importantly, significantly reduce the risk of a data breach. Outsourcing in general has become a preferred model, as the cloud eliminates the CAPEX guessing game and lets businesses shed non-core operations. This outsourcing is occurring with both global cloud giants and local providers. Many businesses want to keep their data nearby, so growth is spreading out to secondary markets rather than consolidating onto the Google, Microsoft, and AWS clouds.
In today’s volatile internet world, following these steps will identify your organization as a good steward of the data of its customers, constituents, and patients.
Learn about seemingly mundane yet critical components of security such as these ten bullets below. Much of what is deemed secure is oftentimes more of an impression than a reality.
- The big box stores, whether online or brick and mortar, may appear secure, yet they are at risk. As we have learned, Target was indeed the target. T.J. Maxx, Home Depot, and others have all been hit hard and breached.
- When it comes to mom and pop vs. big retailers, the small shops seemingly fare better than the big boys. The old adage that the bigger you are, the harder you fall seems to hold true in cybersecurity (at least in the press reporting). The larger stores seem to have more to lose and are a target as there may be more in the bank; however, many studies show that approximately 75 percent of all data breaches occur outside of large enterprise environments. They seem to be less newsworthy to the media even though they account for about three-fourths of all data breaches.
- Although there is really no one-size-fits-all checklist for vetting a proprietor or for how to behave in the digital era, it is wise to look for companies that seem to exhibit best practices. First things first: the best defense in controlling your destiny around cyber and mobile security is to clearly understand your risk exposure on your credit and debit cards. As a culture we put a lot of faith, while impulse buying, in the belief that our information and transaction are secure. The truth is we never know.
- If statistics take their inevitable toll and you are a victim of fraud, you want to limit your exposure and make sure your bank is on your side. Know your bank and its policies ahead of time, before you ever use your cards. Be sure to shop for cyber protection and not just interest rates. Your liability limit for a credit vs. a debit card is a consideration that must be understood. Credit card issuers provide disposable numbers linked to your account. Understand them and use them on major and at-risk purchases.
- As a practice, resist and limit information you provide to any company you are doing business with. Do not use primary email accounts for contact info for third-party use; instead provide an ancillary email that you can burn if necessary. Only share personal information with trusted sources. Be extra careful not to share sensitive personal information, such as social security numbers, credit card numbers, and driver’s license numbers. Don’t do business with an entity that does not have a posted privacy notice.
- A good way to protect yourself from breach is to think of online, cyber, and mobile transactions as you would going into a bad neighborhood. Keep your eyes open. Don't trust an open Wi-Fi hotspot in a small or large shop to make a transaction, as people can lurk there and pick off data.
- Think of the adage, “Nothing is truly free,” including mobile apps. Be mindful of the personal information you give mobile app providers. Many free apps sell your information to a wide range of companies, some of which may have malicious intents. Studies have shown most apps do not have many, or even any, security controls built in. Check http://privacygrade.org/ to see if the app you want respects your privacy and has security built in.
- Be cautious with new “smart” devices. A wide range of new and unique gadgets — from socks to smart cars that are being referred to as part of the Internet of Things — connect you directly to other entities (and even to the Internet) to automatically share information about your activities, location, and personal characteristics. Before using such devices, make sure you know which data they are collecting, how it will be used, and with whom it will be shared.
- There is much that we can do on our own side to assure privacy and security and to mitigate risk. Recently, the Sony hack reminded us to watch what we write. For every accurate statement made about the recent Sony Pictures hack, there have been many inaccurate ones. Not surprisingly, many of these errors have been uttered by leaders and other self-proclaimed cybersecurity "professionals."
- Just as notable is the fact that every person is vulnerable to hackers, as evidenced by the reputation damage suffered by several Sony Pictures executives whose emails were leaked to the media, exposing a litany of comments and apparent positions. Things you may think are cute, funny, or private, when exposed to a broader audience out of context, can paint a public picture of a person you are not. This can be very disturbing and unfair. Remember: you should never put anything into an email, especially your work email, that you would not want the entire world to be able to see if that message is not encrypted. The idea is to never write anything you would not allow your own mom to read, coupled with the old adage "never write what you can say and never say what you can write." Then, when you are hacked, it is more of a non-event.
Bridging the Knowledge Gap and Building Resources around “SMAC” is a must in a web and data centric world
Learn to outsource promptly to providers who are third-party audited and hold recognized certifications; do not run a cyber shop on your own, without expert consultation and regular updates. Anti-virus companies offer software that will scan your website for malware and alert you of any breach. I was quoted in this Wall Street Journal story about the importance of small businesses making sure customers believe their websites are safe from hackers. The piece has many useful nuggets to carry onward. Entrepreneurs and consumers alike could consider using security as a differentiator over their competitors. Car manufacturers tout how safe their cars are; although the context is a bit different, a business should likewise lead with its security and privacy intention and commitment.
It is said that more data and information was generated in 2012 than in all of the previous 5,000 years. If this is close to true, we are called to be more vigilant in our practice around privacy and security. The digital era requires that we take the time and effort to instill practices, both proactive and reactive, strategic and tactical, including cultural practices, policies, and procedures, combined in our day-to-day logistics around privacy and data security.
Kevin Goodman is the managing director and partner of BlueBridge Networks, a downtown Cleveland-headquartered data-center business. Goodman is a strong believer in keeping an open mind to alternative approaches to life and work. Goodman oftentimes implements a combination of traditional and unconventional efforts in response to an ever-changing, fast-paced technology landscape. BlueBridge Networks delivers best-in-class datacenter services, including virtualization, cloud computing, disaster recovery, and managed storage and security. In the past 12 months, BlueBridge and Goodman have earned "Smart Business" magazine's Smart 50 award, "Inside Business" magazine's Cool Tech and NEO Success awards, Medical Mutual's Kent Clapp CEO Leadership award, and a NEOSA-OHTEC Best of Tech finalist award. He can be reached at (216) 367-7580, [email protected], www.kevinjgoodman.com, or www.bluebridgenetworks.com.