Summer Tips For Information Security and Privacy
by Claudiu Popa, Informatica Corporation
Ah, the summer! There just isn't a more relaxed
and carefree time of year. Caught up in the sinking motivation
and productivity levels is an apathy about information security
that exposes businesses to the dangerous prospects of information
loss and unauthorized disclosure, computer infections and other
mischief.
The number of security attacks on your business
information this spring alone exceeded 2003's total and the number
of small and mid-size businesses reporting breaches has doubled
since last year (Deloitte). Keeping in mind that most of the perpetrators
do their best work in their spare time, it stands to reason that
the summer months offer a welcome break from other distractions,
so while businesses and employees are dreaming about sandy beaches,
John Q. Hacker is working double shifts to get into your servers.
Most businesses have invested in self-updating anti-virus
scanners, plug & play firewalls and even 'IT people' who occasionally
take the pulse of their systems. Does that give them more time to
dream about palm trees and tropical islands? Certainly. Does it
reduce the security risk to their information? No.
Let's have a look at the reasons why summers are
worst-case situations for unprepared businesses, in a not-so-far-fetched
scenario:
Why work when you can play? Rather,
why work when everyone else seems to be playing?
The scenario:
During the summer months, office staff, management and even IT people
(yes, they are people too) are constantly finding ways to take vacation
days, sick days and 'work at home days' while those who are 'stuck'
in the office are given plenty of excuses to wait until their colleagues
return to work to continue their overdue projects. While vacationing
staff is enjoying the sea and sun, having banished every shred of
responsibility from their mind, work-at-home staff is lazily getting
work done on home computers while emailing the latest chain letters
back to their less fortunate office-bound colleagues.
Top security threats:
a) home computers are far more insecure than work systems since
they don't benefit from the same security, nor are they usually
limited to one user. High speed connections in particular represent
the highest threat to confidential information, if left unprotected.
b) staff tend to share and open
more non-business emails in search of distractions. Unauthorized
web sites, inappropriate use of Internet resources and transferring
work to home computers jeopardize every effort made to protect
information security.
c) in the unlikely event that
a breach is actually discovered, IT staff are often on vacation,
or busy, rendering infections even more effective. Most breaches,
however, are rarely detected before it's too late, especially since
firewall and intrusion detection logs are the last reports any 'busy'
person ever wants to read.
d) a relaxed work environment is
often accompanied by other slowdowns. In particular, patch management,
one of the most important aspects of security, falls behind schedule,
either at the server or workstation level. With the average 'exploit'
currently taking a mere 6 days, hackers often release viruses and
other 'malware' capable of taking advantage of (exploiting) the latest
unpatched vulnerabilities. Because such software is often intelligent
enough to apply patches to an infected system after making itself
at home on a given computer, it is both difficult to detect and
impossible for another hacker to exploit, giving IT administrators
a false sense of security while their systems are, in fact, under
another person's control.
e) perhaps more importantly, staff
security awareness sessions and policy enforcement fall by the wayside
during the summer months, as it is difficult to schedule effective
training sessions with fragmented groups of often distracted employees.
Security training for employees is a critical part of any business's
activity, this year more than ever before, so if you value your
company's and clients' information, stick to your schedule.
Stay safe and enjoy the summer!
For simple solutions that help mitigate security
risks, contact Informatica and ask about FlexProtect security support.
Claudiu Popa is the founder and president of Informatica
Corporation, a Toronto-based security consultancy dedicated to changing
the status quo and promoting best practices for information and
business protection. He can be reached at Claudiu@InformaticaSecurity.com
or by visiting www.InformationSecurityCanada.com.