Online Business

02/24/2010

Secure Value by Understanding the Criminals in the Digital Neighborhood

Highland Park's Only Gated CommunityImage by waltarrrrr via Flickr

I just got a crack at reading Deloitte’s new Center for Security and Privacy Solutions' report titled Cyber Crime: A Clear and Present Danger.  It is a quick 16 page read and worth it for any entrepreneur or emerging business innovator, CEO or COO.

We are building business in a digital world.  Knowing the neighborhood, so to speak, is important.  Along with all the good things things about the neighborhood -- effeciency, effectiveness, new markets, new products and services, collaboration -- comes new forms of crime, new scams, new ways that our business dreams can be damaged or destroyed.

My business partner at Jacadis, Simon Herring, often speaks of our efforts as cyber security and risk professionals at protecting 10-foot walls againts 11-foot ladders.  The reports key finding "Threats posed to organizations by cyber crimes have increased faster than potential victims—or cyber security professionals—can cope with them, placing targeted organizations at significant risk.

In interpreting the survey responses Deloitte reports that "cyber crime constitutes a significantly more common and larger threat than respondents recognize."Bluntly cyber criminals are innovating in the digital marketplace just like the rest of us; only their innovation is outpacing what are traditionally considered best practices.

The report in Deloitte's words "is directed toward senior leaders including CIOs, CSOs, CROs, operational risk managers, government agency budgeting and procurement professionals, and other executives and professionals with decision-making roles in the security of their organization’s IT environment and of the assets within that environment.

It is a quick 16 page read and worth it for any entrepreneur or emerging business innovator, CEO or COO.  It is worth reading for those in the IT audit profession as well.

Some trends pointed out in the report:

  • Cyber attacks and security breaches are increasing in frequency and sophistication, with discovery usually occurring only after the fact, if at all.
  • Cyber criminals are targeting organizations and individuals with malware and anonymization techniques that can evade current security controls.
  • Current perimeter-intrusion detection, signature-based malware, and anti-virus solutions are providing little defense and are rapidly becoming obsolete—for instance, cyber criminals now use encryption technology to avoid detection.
  • Cyber criminals are leveraging innovation at a pace which many target organizations and security vendors cannot possibly match.
  • Effective deterrents to cyber crime are not known, available, or accessible to many practitioners, many of whom underestimate the scope and severity of the problem.
  • There is a likely nexus between cyber crime and a variety of other threats including terrorism, industrial espionage, and foreign intelligence services.
Or more simply put.  You lock your office, warehouse, storage, retail, etc. facility because leaving the door open would invite a criminal. 

Do you lock your digital doors?

Does your business design, operation, IT infrastructure invite criminals?

The report can be found at: http://www.cio.com/documents/whitepapers/CyberCrime.pdf.

Related articles by Zemanta
Reblog this post [with Zemanta]

Posted at 10:56 PM in Competitive Advantage, Information Security, Information Security Basics, Innovation, Online Business, Secure Value, Threats | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , ,

|

02/18/2010

Secure Value By Managing for Social Media Security and Privacy

A round parachute constructed from gores of ma...Image via Wikipedia

The following question has been asked in several ways to me online and in the Q&A of speaking engagements I've recently done.  It is a question you should be asking if you are using social media to run and grow your business.

What issues are there with social media security and privacy? How are they resolved? What can I do to prevent or reduce problems especially with Facebook and Twitter? Should we jump into the social media world?

1. You'll need to be prepared to be protected from viruses, malware, worms and a whole slew of other nasty software threats. You should be protected from those issues regardless of whether you Facebook or Tweet. Just connecting to the internet will expose you to these threats. Facebook and Twitter are just another delivery channel for what we call malware in the security industry.

The solution is protecting the endpoints in your business (speaking English that means your computers and your cell phones). A good endpoint security package is going to include a personal firewall, anti virus, and anti spam. My company is a big fan of Sophos end point products as they are partners of ours.

2. Privacy is about control. Don't publish details you don't want to be out in the open. The obvious no no is over publishing personal information. Giving too much away, in regards to travel or equipment purchases, etc. can expose you. There are documented cases of people tweeting on vacation only to come back to stolen electronics. A coincidence? Or a follower?

Nobody knows for certain but there is no reason to expose yourself. Be careful of geo tagging for the same reasons.

3. Understand social engineering techniques. Social engineering is when people online use old cons to trick you to do things they want. Get rich quick schemes, emails from people you don't know (particularly with downloads) and the like are typical concerns. We've dealt with cases of social engineering where enough detail was given on Facebook, Twitter, etc. that the attack actually came over the phone with people pretending to be people known to the victim.

4. Back your systems up. IF you are attacked you don't want to lose all your hard work.

Scary? Probably. But so frightening you should stay away? Hardly.

My firm is an 11 person information security firm that cautiously and correctly uses social media to run and grow our business.

The security and privacy situation is constantly changing in regards to social media. Get involved in social networking but set aside some time to become familiar with the security and privacy features of these tools (and their weaknesses). Don't listen to people that advise you to stay away from them; embrace them wisely and grow your business!

Related articles by Zemanta
Reblog this post [with Zemanta]

Posted at 11:31 PM in Information Security, Online Business, Secure Value, Small Business, Social Media | | Comments (0) | TrackBack (0)

|

10/16/2009

Do Business in Nevada? Secure Value by Complying with New Security Act

NevadaImage via Wikipedia

Does your company transmit, process or store payment card data about any individual who lives in the State of Nevada?

If so you need to be aware of the new Security of Personal Information Act passed into law in Nevada.  In a nutshell, data collectors or merchants who collect card data to do business will be required to be compliant with PCI DSS in order to legally conduct business in Nevada.

I'm not going to spend time writing something up if I find something insightful already available.  Read the write up on the Nevada Security of Personal Information Act at InfoSecCompliance.

Reblog this post [with Zemanta]

Posted at 09:53 AM in Compliance, Information Security, Online Business, PCI, Secure Value | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , ,

|

10/09/2009

Secure Value by using Strong Passwords

Keys.Image by Bohman via Flickr

Other more complex security and privacy protections don't work if you are not using passwords correctly ... they are your key to security!

I have read more than my fair share of "how to protect yourself in social media" type articles lately (see a good one with links to other good ones at http://www.nateriggs.com/2009/10/how-to-protect-yourself-from-the-social-web/ ) from none security professionals.  These posts discuss protecting your location, creating a family password (like the you say Thunder then I say Flash challenge response) and other very commonsensical kinds of actions to protect your online self.  Most of them forget the basic fundamental password.

So without any more preamble.  Use strong passwords.  They work.  And when you don't use them you can be attacked (See a story on Twitter's corporate accounts being hacked all becwith a loss of tremendous confidential data all because of poor password use).

Use passwords that are at least eight characters long and include a mix of at least 3 of the following character types:  uppercase letters, lowercase letters, numbers and special characters.  (WHY?: Following this practice means that guessing your password means working through more choices making guessing both practically and mathematically  more difficult.)

But doing that makes it harder to remember, too, right?  And most people don't use good strong passwords because they are hard to remember and so because of convenience (or laziness) prefer to type "1234" or "GOBUCKS!".  What to do?

Be thoughtful about how you use and mix these characters (##Pa$$W0rd!! is easier to remember than d$a#aabe and because it is longer mathematically harder to guess):

  • Substitute numbers for letters and vice versa (0 instead of O, 4 instead of A, 1 instead of L, 3 instead of E, $ instead of S and so on).
  • Substitute words for numbers (one for 1, two for 2, and son on).
  • Use capitalization haphazardly (passWord is stronger than password or PASSWORD).
  • Use special characters in front of (##password), to end (password$$) or to punctuate or separate words (password!! or pass#word).

Have some fun.  Use these combinations to create words of phrases that are easier to remember:

  • ##LuckyDuck$!!
  • $$Give8100dPlayRug8y

And then use your passwords like you do your house, car and office keys:

  • Never communicate them over the phone, in an email or over IM (or twitter for that matter!).
  • Log off (lock the door) when you are done with a site or stepping away from your computer.
  • Change your password if you suspect suspicious behavior (it is good to be a little paranoid, no?).
  • Do not allow your Internet browser to save your password (if you lose control of your laptop, netbook or PDA whoever gains controls has control of your entire digital world).
  • Do not share your passwords with anyone.
  • Don't use password hint functions (where you select a challenge like mother's maiden name and you provide an answer) or if you are forced to don't use real data (select mother's maiden name and you provide an unrelated answer like Guinness, but honestly you are liable to fake yourself out on that one so tread lightly).

If you still have trouble remembering you have 2 choices:

  • Don't be shy about hitting the "forgot password" button. (It is more secure to have a password reset sent to your email address than it is to use a simple, easy to use password).
  • Use a password manager like KeePass Password Safe which is a "free, open source, light-weight and easy-to-use password manager".

This sounds so simple.  Yet, it is such a serious topic.  It isn't the only line of defense, but it is an important one and because of human nature (entering passwords does feel like such a waste of our time) an underused line of defense. 

As an executive and online citizen, don't be a victim because you didn't want to invest a small amount of time to do something simple and highly effective.  As a business owner, make sure you have policies in place to expect the proper use of passwords by all of your employees across all of your systems and applications. 




Related articles by Zemanta
Reblog this post [with Zemanta]

Posted at 08:15 AM in Information Security Basics, Online Business, Privacy, Secure Value, Social Media | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , , ,

|

09/23/2009

Secure Value with a Social Media Plan


Yesterday, I presented my first pass on Securing Social Media: Protecting Yourself, Your Company, Your Customer.  Over the next few days I'll be posting some lessons learned and other odds and ends from the presentation.

One of the points I made was that your company efforts with social media, to be successful and to be secure, need to be managed from a formal action plan.  The security part of that plan is going to include some thought on policy and the procedures and safegaurds needed to support the policy.  But the policy needs to be business driven which requies a social media action plan or a business plan for the use of social media in your company.

Four firms that I've had contact with who have taught me some valued lessons on the use of social media certainly can help you with that action plan.  I would recommend as you are thinking about how to innovate with social media to contact:



Reblog this post [with Zemanta]

Posted at 10:50 AM in Online Business, Policy, Social Media, Speaking Engagement | | Comments (0) | TrackBack (0)

Technorati Tags: ,

|

09/15/2009

Secure Value by Protecting Yourself, Your Company, Your Customer

Secure PumpImage by david.nikonvscanon via Flickr

Understanding the Security Risks With Social Media for Business

We have taken the plunge as a firm and use Twitter, LinkedIn and Facebook to promote our personal brands, market our business and build community with customers and prospects.

While we've embraced the 2.0 world, we've done so with eyes wide open. As we use the technology to create benefits we also acknowlledge we create risks that must be identified, addressed and managed.

Most professionals, most firms using these new technologies are not "professional paranoids" like we us. 

If you are using Social Media and have concerns about the risks ... or if you have balked at adopting the technology because of your fears of those risks ... please join me for:

Understanding the Security Risks With Social Media for Business
September 21st, 2009
11:00 am — 1:00 pm

Register to join us.  We will discuss:

  • Privacy issues related to social media use
    • For yourself 
    • For your company 
    • For your customers 
  • Tactics to maintain privacy
  • Techniques to maintain security

You will certainly get a chance to network with other busy professionals.


Related articles by Zemanta

Reblog this post [with Zemanta]

Posted at 02:22 PM in Compliance, Information Security, Online Business, Policy, Privacy, Secure Value, Small Business, Social Media, Speaking Engagement | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , ,

|

07/30/2009

Study Says 40% of SMBs not online

Internet hosting provider 1&1 Hosting released a study showing that 40% of small and medium businesses do not have online presence.  The gist of the study focused on SMBs and the barriers that false perception of costs to build an online presence.  Information security obstacles were not included in the study announcement. 

By online presence, the study was referring to web sites and did not consider social networking tools.

I wonder if false perceptions and fears of information security issues are also barriers to going online.




Reblog this post [with Zemanta]

Posted at 04:08 PM in Online Business, Small Business, Social Media | | Comments (2) | TrackBack (0)

Technorati Tags: , , , , , ,

|

My Photo

About

TypePad Profile

Get updates on my activity. Follow me on my Profile.

Twitter Updates

    follow me on Twitter
    Subscribe to this blog's feed
    Blog powered by TypePad
    Creative Commons Attribution-ShareAlike 3.0 Unported