Seven Ways to Avoid a Corporate Data Breach
Data breaches are bleeding companies and governments by about $843,000 per year, a 97 per cent increase over last year (Vancouver Sun, "Corporate security breaches booming: study"). Clearly, both private and public organizations are still cutting corners when it comes to IT security.
As usual, we've got some tips about how to improve security for your organization, partners and customers, this time courtesy of the Office of the Privacy Commissioner of Canada.
1. Get a security system, not just a security product. Almost half of closed data breach incidents resulted from inadequate or absent security systems.
A system means a range of corporate security tools and services, such as firewalls, antivirus and antispyware, and network and web application scans, that makes sense for your unique business setup. No single catch-all security product will protect against all vulnerabilities, so you'll need to have your IT security experts take the lead on investigating and recommending the best combination of security improvements.
2. Implement employee security awareness training. About half of all data breaches are partly a result of inadequate knowledge by employees about how to protect customer privacy.
3. Trust (your employees), but verify. "Rogue employees" in the company or third-party service provider processing customer information were active in 31 per cent of reported data privacy violations.
4. Develop administrative procedures with security in mind. Data breaches often resulted from basic office tasks such as mailing, emailing, faxing and database maintenance.
5. Ask your third-party service provider how they provide security for your data. About a third of the time, the breach happens while the data is in their hands.
6. Set rules on what data employees can take with them outside the office and enforce those rules. Employees working remotely, from a home-based network or while traveling were involved in 18 per cent of data breach incidents.
7. Destroy the data irrevocably when you don't need it anymore. Almost 10 per cent of incidents resulted in part from inadequate or incomplete data destruction procedures. This will likely require close cooperation by the IT department and management to ensure rational and business-appropriate policies are in place.
Data breaches often involve a combination of causal factors like those cited above. Make sure you cover all your bases and get expert help if you need it.
Would you like help in keeping your organization safe from network and web security threats? For information about website security scanning and other ways to protect your business and customers, contact Boonbox.
Ask A Security Expert
"Should we block social networks at the office?"
A growing number of organizations are blocking social networks at work. For some companies, it can make perfect sense. Many office workers don't actually need Internet access to do their jobs, or at most need to visit a very small number of websites to grab information or use applications. Blocking social networks is just an extension of this. It's a simple way to prevent employees from infecting the network by visiting malware-infected sites.
That said, in a knowledge-based economy, blocking social networks may not be a realistic option for many or even most companies. As well, if employees feel they really need to visit social networking sites to do their jobs well, they will find ways around such blocks by visiting proxy sites or through mobile devices.
A better option is to provide security awareness training for all employees, particularly those who have to use social networks on the job. Ensure they understand what company information is private and what can be posted in a blog or on a Facebook Event page.
Show them how to recognize phishing scams and caution that even experts can get tricked by fake websites, so also promote the use of security apps like the PCIS free online security tools.
If your organization requires assistance in developing web security and network security policies, contact Vancouver's IT consulting and security experts.
Devfense Cyber Alert
PCIS Devfense Cyber Alert identifies websites that are vulnerable to attack. See the latest websites identified as vulnerable to badware at Devfense Cyber Alert on Twitter.
This is not a complete list of all vulnerable sites on the Internet, but only represents websites where vulnerabilities were found within the past 90 days. These are only the latest additions to an ever-growing club of sites found to be insecure according to various public sources and online tools used in the web security industry.
If you would like more information on our data and why these sites are listed here, please contact PCIS.
Devfense Cyber Alert Sites With Vulnerabilities Discovered in Past 90 Days
About Boonbox
Boonbox is a division of Pacific Coast Information Systems Ltd., specializing in products for web security, network security, password management and data backup.
PCIS is a Vancouver-based company which provides strategic consulting, application development, technology solutions and managed services to companies and government organizations throughout North America.
How to Subscribe/Unsubscribe to the Informer
SUBSCRIBE: To subscribe to the Cyber Security Informer, send a blank email message with subject line "SUBSCRIBE" to informer@pcis.com
UNSUBSCRIBE: If you do not wish to receive future issues of the Cyber Security Informer, send a blank email with subject line "UNSUBSCRIBE" to informer@pcis.com and we will promptly remove you from our distribution list.
WE WANT YOUR FEEDBACK: Our purpose for providing this free service is to keep our clients and business contacts informed of technology developments. This information can help them resolve common problems and achieve their full potential by strengthening their business processes and infrastructure. Your input is important to us and we welcome your ideas for new features and how we can continue to improve our service to you. Send your comments and suggestions to informer@pcis.com or contact us directly at 604.844.7558