When it comes to security risks and errors, businesses often fall victim to assumptions and oversights. The reality is that the protection of information and applications is always evolving and, as criminals find new ways to exploit weaknesses, it's tough to stay one step ahead.
Your organization’s data is in the cloud, so now what? Is it secure? Where is it? Is it readily available? Who is accessing it?
It seems we can’t go more than 24 hours without hearing about the latest and greatest data breach that affects millions. So we ask ourselves, “What can we do better?” After all, if the “bad guys” can hack into the federal government, Home Depot, and Target, what hope do small and medium-sized businesses have?
Most employees want to be productive. As cloud service consumers, they have become accustomed to finding a tool or app that will help fill a need and simply buy it without obtaining approval from the organization first. This practice of employees bypassing IT management to procure tools and services without proper vetting has infiltrated the workplace and is known as Shadow IT.
Over the past four decades, organizations of all sizes have seen a significant change to how they do business, due to evolving technologies. And now, as we approach the end of the 2010's decade, the term “Digital Transformation” is abound and you might ask, "Haven’t we already done enough transforming?"
I packed my cloud bag and in it I placed...
As we've begun to adopt a myriad of cloud-based services, our network perimeter has become more expansive and therefore, potentially more porous. Cloud services may need additional firewall ports open, which is equivalent to opening more doors into your home. On top of this, your employees are now working wherever they want and they’re using a handful of different devices. Last but not least, your data is racking up an impressive amount of frequent flier miles as it travels and gets stored in platforms strewn all across the country.
I spent a lot of time early in my career solving complicated problems related to security. In the late 1990's, I consulted as a civilian for the NSA to help automate the 'need-to-know' access of their internal web infrastructure and documentation. I followed that with some time as a Reserve Information Operations Officer for the U.S. Army, and then working for financial services companies including VISA during the birth of the PCI standards. Needless to say, the security field is one with overwhelming depth and it can be challenging for companies to make an iterative, incremental plan to become more secure.
Has anyone at your organization ever received an e-mail that was not what they thought it would be? Maybe it was a message from a vendor looking to verify sensitive account information; a message from an accountant sending completed tax returns, but in the month of August; or a note from what appears to be your accounting firm, indicating they need you to confirm Social Security Numbers in order to send employees paychecks?
As we all work through our holiday gift giving lists this "Cyber Monday," it's important to be cyber aware of "the Grinch" lurking in the corners waiting to steal our private, and what we hope and think is secure, information. So, before you begin to cross the names off your list while experiencing that great sense of accomplishment, take a few moments to read through these "cyber shopping" best practices to protect yourself and your information. Nobody wants to spend the holidays recovering their data and identity.
It is reported that around 269 billion emails are sent worldwide each day with 150(+/-) of those being delivered straight to each of your employee's Inboxes. According to Symantec’s 2017 Internet Security Threat Report, one in 131 emails contains malware. This means that on a daily basis every one of your employees is faced with emails that threaten the security of your organization’s data.