September 1, 2009

 

In this issue:

  • The Law Says You Must Have Data Security. Here's How to Do It
  • Case for Security Webinar: The Top Ten Application and Database Vulnerabilities
  • Ask A Security Expert
  • Hacker Bait

CYBER SECURITY INFORMER - news and tips to help you stay safe online and protect your network

Cyber Security Informer is distributed by Boonbox, the security-focused division of Pacific Coast Information Systems Ltd. (IT Consulting) in Vancouver, BC, Canada.

Contact Boonbox Toll-free 1.877.744.7558 or visit www.boonbox.net

The Law Says You Must Have Data Security. Here's How to Do It

More and more states are developing and refining laws to protect people and businesses from ID theft. For instance, Massachusetts has passed some of the USA’s toughest identity theft laws, going into effect March 1, 2010. These laws require businesses with personal information on any state resident to digitally encrypt it, create and implement a written Information Security Plan, and update all firewalls and other security measures.

How can organizations comply with these kinds of rules? Universal Benefit Plans, a specialized benefits consulting and full-service benefit brokerage firm based in Boston, Massachusetts, offers some tips. "Fortunately, we had already implemented a lot of the practices they were calling for before the law passed," says Communications Coordinator Meghan Weaver, noting that they're actually helping educate their clients on how to protect data.

"We've digitally encrypted all of our personal data, created written information security plans, trained all personnel on it and obtained written confirmation of this training," Weaver says. "As well, we've updated our firewalls, operating system security patches and SSA software on all of our computers. This protects sensitive data from threats such as Trojans, spyware and other viruses that compromise its security."

Employees were made fully aware of the importance of maintaining security, and were all given a guidebook on secure practices to sign off to show that they had read and understood it.

How severe are the threats that lead to ID theft? "In the past five years, they have cost businesses and financial institutions close to $48 billion dollars," Weaver says, underlining the severity of the ID theft problem.

For more information about active and passive tools and processes you can implement to protect your network and customers today, contact Boonbox.

Case for Security Webinar: The Top Ten Application and Database Vulnerabilities

Join Boonbox and Imperva for this live educational web seminar as we reveal the top ten application and database vulnerabilities.

Date and time
Wednesday, September 9, 8:30 - 9:30 am

How to Register
1. Go to http://boonbox.webex.com/meet/boonbox
2. Click "Show All Meetings".
3. Click the "Register" link on the right in the Status column for "The Top Ten Application and Database Vulnerabilities" and fill in the short registration form. You will be sent your registration confirmation information and instructions on how to participate.

Who Should Register

Business owners and IT professionals looking to improve their business operations through better use of IT solutions.

As an additional benefit of signing up for this Case for Security webinar, you will also receive a complimentary subscription to our newsletters, Cyber Security Informer and Pacific Coast Informer.



Ask A Security Expert

"How can I ensure better physical security for my corporate and customer data?"

We often discuss in this section how certain tools and technical processes can help an organization protect itself. But physical security is absolutely a critical consideration. You don't necessarily need to be a computer hacker to steal data. An unlocked door and an empty office at lunchtime might be all the access someone needs to wander in, pick up a laptop and leave.

Of course, there are even easier ways for information thieves to do their work. The bad guy, wearing a shirt with a courier company logo, comes into the office and "accidentally" leaves a memory stick on a desk. Not too long after, an employee plugs the stick into his computer to see what's on it and in no time, a keylogger and other malware are installed on the machine. Done and done.

So, physical locks and security awareness training for all employees to recognize intruders (assuming you haven't got 24/7 physical security in the office) are a must.

As well, put servers into a controlled environment where IT people can control physical access to them. Make sure that those machines run on their own electrical system that includes a backup generator that kicks in automatically if the power to the rest of the office shuts off (as it eventually will).

One way to deal with the issue of physical security is to outsource your data to external servers. This removes the possibility of a physical break-in on your end. But if you do this, you've now opened yourself up to a whole new set of questions about how to ensure you've outsourced your data to a secure company.

Hacker Bait

The latest Hacker Bait list contains highly trafficked websites that have been found to have vulnerabilities that hackers and cyber criminals could exploit. 

This is not a complete list of all vulnerable sites on the Internet, but only represents websites where vulnerabilities were found within the past 90 days. These are only the latest additions to an ever-growing club of sites found to be insecure according to various public sources and online tools used in the web security industry.

If you would like more information on our data and why these sites are listed here, please contact PCIS.

Hacker Bait Sites With Vulnerabilities Discovered in Past 90 Days




About Boonbox

Boonbox is a division of Pacific Coast Information Systems Ltd., specializing in products for web security, network security, password management and data backup. PCIS is a Vancouver-based company which provides strategic consulting, application development, technology solutions and managed services to companies and government organizations throughout North America.

How to Subscribe/Unsubscribe to the Informer

SUBSCRIBE: To subscribe to the Cyber Security Informer, send a blank email message with subject line "SUBSCRIBE" to informer@pcis.com

UNSUBSCRIBE: If you do not wish to receive future issues of the Cyber Security Informer, send a blank email with subject line "UNSUBSCRIBE" to informer@pcis.com and we will promptly remove you from our distribution list.

WE WANT YOUR FEEDBACK: Our purpose for providing this free service is to keep our clients and business contacts informed of technology developments. This information can help them resolve common problems and achieve their full potential by strengthening their business processes and infrastructure. Your input is important to us and we welcome your ideas for new features and how we can continue to improve our service to you. Send your comments and suggestions to informer@pcis.com or contact us directly at 604.844.7558