We don't build buildings without locks, but we do build intellectual, informational and digital assets without locks. Why?
I asked a number of people last week:
Regarding Twitter's security breach announced today as an example, how should startups consider information security in their planning?
I got a mix of responses that boiled down to:
- Information security is too complicated, too technical for startups to consider.
- Startups don't have the capital to invest properly in information security.

In the context of the Twitter story, where one of the founders, first name Jack, used the username "Jack" with the password "password" for Google Apps, these responses do not make sense.
Twitter has brilliant, innovative people working for them who fundamentally understand information technology. The information security control (read: lock) that wasn't in place would have cost $0, as their bad week could have been prevented by a hard-to-guess username and a strong password. In the end it is negligence and a lack of awareness about how important this stuff is (or perhaps awareness that bad things do happen). How many other startups and growth companies enter the marketplace without proper protections?

It doesn't take much to secure information. Zip files can be created with password protection and there are even more sophisticated security features that can be purchased for cheap.
Posted by: mlgreen8753 | 08/16/2009 at 02:25 AM
It takes intentional effort to secure information. Simply zipping up your confidential files won't necessarily secure them. A lot of product vendors answer the question in a similar way: it is easy to secure information, all you have to do is install Firewall Brand X, antivirus, etc. and you are secured.
Securing value entails safeguarding your critical data, information and processes to ensure they are confidential, available and have integrity (think accurate information). Even small business owners have a plethora of government regulations to adhere to.
Just zipping files won't provide for all of those needs. My answer ignores the fact that a zipped file with a weak or non-secret password isn't secure, and it ignores the fact that zipped archives have been cracked.
We say there is no such thing as a silver bullet. One technology won't provide all the security functions you need.
Posted by: Douglas Davidson | 08/16/2009 at 09:26 AM