How Safe is YOUR Information?
3 Simple Tips to Improve Your Information Security Program
By Mark Egan
- Know who can access your systems
- Keep your hardware and software current with security updates
- Monitor your network for suspicious activities
Every day we hear about information security issues and the associated business impacts. We are talking billions of dollars from data breaches, stolen valuable IP, and compromised sensitive information. While legislators are busy “thinking” about how they will “help” protect us, I recommend that you focus on three areas that will greatly improve your information security program to minimize negative business impacts.
First and foremost, do you know who can access your systems?
This may seem like a simple question; however, our experience is that organizations do not do a very good job of managing personnel and systems access, especially for non-employees. Make sure that only authorized personnel can access your systems, and have an ongoing process to maintain personnel additions and deletions. Recently, a major retailer experienced a security breach of 40M credit/debit cards that resulted from the compromise of credentials that had been provided to their air conditioning vendor.
Second, are you keeping your hardware and software current with the latest security updates?
These are generally provided free of charge by the vendors. Establish an ongoing process to ensure that these updates occur on a regular basis to mitigate risks. Take, for example, the “Heartbleed” bug, which exposed about 17%, or half a million, certified secure web servers to an encryption vulnerability and information theft. SANS Institute, a cooperative research and education organization dedicated to information security solutions, provides a wealth of free information on best practices for patching hardware and software (www.sans.org).
Finally, do you monitor what is going on within your network?
You would be surprised at what we found working with clients just starting to implement their security monitoring systems; everything from employees accessing inappropriate web sites to hackers that steal valuable IP and operate undetected. You might consider having a third party provide this service for you, if you do not have the in-house capability.
StrataFusion has worked with several public and private organizations over the past year, and we have found that these simple security measures have not been addressed within their organizations, putting them at risk. The simple tips presented are not expensive to implement and provide considerable improvements to your information security program.
Mark Egan’s Guide will walk you through the process.
The Executive Guide to Information Security: Threats, Challenges, and Solutions