Secure Value: Small Business

Small Business

02/03/2010

Secure Value by Keeping Up with Changes in Social Networking

Image by Jukka Vuokko via Flickr

Security and privacy issues in the social media space are evolving so rapidly it seems impossible to keep up; you need to invest some time to stay informed!

Last May I did a series of public presentations on Social Media. The Columbus ISACA chapter is co-hosting a session on social media with the local chapter of the IIA called: LinkedWorking: Utilizing Social Media to Advance & Enhance Business. That session will include a panel discussion on social media which I facilitating.

In reviewing social media through the security and privacy prism these changes have occured in less than a year:

Twitter lost confidential information stored in GoogleDocs because of poor password discipline
Bloggers now have disclosure rules based on new regulations from the FTC.
Facebook has changed its privacy module.
Twitter has begun to offer Verified Profiles to celebs and VIPs.
New threats have emerged on the landscape.

What changes do you see in the next 8 months?

Posted at 05:25 PM in Small Business, Social Media | Permalink | Comments (0) | TrackBack (0)

Technorati Tags: Social Media Security; Social Media Privacy

02/02/2010

State of Ohio Cyber Summit -- February 17, 2010

Image via Wikipedia

The State of Ohio is hosting a Cyber Summit on February 17, 2010. A session is being held for small business and local government.

Download CYBER SUMMIT GENERAL_Final

The summit will address the following questions:

Do you fully understand the risks if you suffer a security lapse?
Are your employees putting your business at risk?
Could your brand be tarnished by cyber criminals if they hijacked your system?
Can good Cyber Security give you a competitive advantage?

I am attending and will blog on the content afterward.

Should you go? I can't speak to the content, but I can speak to the importance of knowing the answers to the questions that will be addressed. Operating without understanding (and managing) the risks facing your business is a recipe for losing value.

Posted at 01:58 PM in Competitive Advantage, Events, Risk Management, Secure Value, Small Business | Permalink | Comments (1) | TrackBack (0)

01/29/2010

Secure Value by Understanding that Cybercrime Increasing Faster than Company Defenses

How are your company's defenses? Don't forget to tend to them as your run and grow your business!

Tonight I read the 2010 CyberSecurity Watch Survey. "The 2010 CSO CyberSecurity Watch Survey was sponsored by Deloitte and conducted in 2009 in collaboration with CSO Magazine, the U.S. Secret Service, and the CERT Coordination Center at Carnegie Mellon."

The report hit close to home because in the past 30 days we have:

begun projects with several firms that have had web sites targeted and attacked;
assisted a firm manage an longstanding employee out of the organization because he had "quit and stayed", taking an offer from a competitor while continuing to "work", explore available confidential information and download it, and;
developed an incident handling and forensic process for a large Software as a Service (SaaS).

The report is a quick read (16 pages). I suggest you dive into it and then use it to talk to your HR and IT management to make sure you are properly protected.

Posted at 12:02 AM in Risk Management, Secure Value, Security in the Business News, Small Business, Threats | Permalink | Comments (0) | TrackBack (0)

01/26/2010

Secure Value by Securing Critical Information

Image by Getty Images via Daylife

I work with business leaders and executives who are nervous their company's critical data might be exposed and who are scared they are not compliant with government rules and regulations. I find most don’t understand the critical nature of the information security game.

Most agree that customer trust and financial integrity are critical to their business.

All agree that the office or store doors and cash box need to be under lock and key.

Few argue that the lights, phones and computers need to come on when work starts each day.

But many think information security which is protecting the confidentiality, integrity and availability of their critical information while also address government and sometimes customer obligations is distraction, bother or obstacle.

Until they have an information loss.

Entrepreneurs need to identify the value of the information within their business, understand the risks to that information and understand that securing it is not just a computer problem.

Does information security and risk management share equal management attention as process quality, customer satisfaction, and financial integrity?

Posted at 02:36 PM in Risk Management, Secure Value, Small Business | Permalink | Comments (0) | TrackBack (0)

Technorati Tags: Information security, Security, Small Business

10/23/2009

Secure Value by Keeping an Eye on RedFlags ... some small businesses may be exempt!

Image via Wikipedia

Trying to manage the incoming waves of regulations is bad enough ... but keeping track of what is on and what is not on anymore is a tough job when you really just want to run and grow your business!

Short one this week. You want to keep an eye on this news. According to an article in SCmagazine.com there is a bill working its way through Congress that may exempt some small business from the RedFlags rules.

Posted at 09:20 PM in Compliance, Red Flags, Secure Value, Small Business | Permalink | Comments (0) | TrackBack (0)

Technorati Tags: Business, Congress, Red flag, Small business

09/15/2009

Secure Value by Protecting Yourself, Your Company, Your Customer

Image by david.nikonvscanon via Flickr

Understanding the Security Risks With Social Media for Business

We have taken the plunge as a firm and use Twitter, LinkedIn and Facebook to promote our personal brands, market our business and build community with customers and prospects.

While we've embraced the 2.0 world, we've done so with eyes wide open. As we use the technology to create benefits we also acknowlledge we create risks that must be identified, addressed and managed.

Most professionals, most firms using these new technologies are not "professional paranoids" like we us.

If you are using Social Media and have concerns about the risks ... or if you have balked at adopting the technology because of your fears of those risks ... please join me for:

Understanding the Security Risks With Social Media for Business
September 21st, 2009
11:00 am — 1:00 pm

Privacy issues related to social media use
- For yourself
- For your company
- For your customers
Tactics to maintain privacy
Techniques to maintain security

You will certainly get a chance to network with other busy professionals.

Posted at 02:22 PM in Compliance, Information Security, Online Business, Policy, Privacy, Secure Value, Small Business, Social Media, Speaking Engagement | Permalink | Comments (0) | TrackBack (0)

Technorati Tags: Business, Facebook, LinkedIn, Privacy, Social Media, Social network, Twitter

09/04/2009

Secure Value by Testing Web Applications -- Lunch & Learn Announcement

Jacadis presenting lunch & learn on web application security with Platform Lab in Columbus

I wanted highlight an upcoming lunch and learn reviewing web application security that might be of benefit to you if your business develops and deploys web applications. The event is free and lunch will be provided. Please register below, and send this on to individuals in your organization who would benefit.

Jacadis, the company I work for, is putting the lunch and learn on with its non-profit partner the Platform Lab, part of Tech Columbus.

Presenter: Simon Herring, CISSP – Founder and CTO Jacadis, LLC.

Cost: Free

When: September 16th, 2009 11:00 am — 1:00 pm - Lunch will be provided

Location: Platform Lab/TechColumbus 1275 Kinnear Rd Columbus,OH 43212

Register here: http://www.surveymonkey.com/s.aspx?sm=nkZ9YHJyBqezQYQM5xDMmQ_3d_3d

Cyber thieves use automated scanners to find web security holes… Why don’t you?

Thousands of web applications have been developed by companies of every size and industry to support business growth, extend customer interactivity, and lower service delivery costs. But how deliberate are you in evaluating the security of web applications throughout the application’s lifecycle, from inception to retirement?

Consider the following:

Many web vulnerabilities exist due to limited knowledge of secure coding principles. Catching these weaknesses before “go-live” can decreases costs related to post-deployment patching and the risks associate with a security break-in.
The sophistication of web hackers and data thieves continues to increase. Just scanning during the development cycle assumes no new web application exploit techniques will be developed and shared in the Black Hat community. The “10 foot wall” you created last Fall won’t be able to withstand the “11 foot ladder” that cyber thieves throw-up this Summer.
In addition to being an established best practice for protecting general web servers, routine web application scanning can help you comply with federal, state, and industry regulations. With little marketing effort, you can also build security into your brand and show your existing or potential clients that protecting sensitive data is important.

The tools and processes are available to prevent the deployment of poorly coded and insecure web applications. Perhaps you know the risks, but you don’t know how to manage them, or where to begin. To answer these questions, we are hosting “Securing Web Applications using Acunetix WVS” to demonstrate how Acunetix Web Vulnerability Scanner (WVS) is an effective tool to add to your security routine.

In this edJACADIS seminar, we will:

Examine the components of a successful web application development process
Discuss the role of web application vulnerability scanning in the overall security process
Explore how Acunetix Web Vulnerability Scanner (WVS) can be used by developers and security analysts alike, to perform automated or manual web vulnerability testing.

Posted at 09:12 PM in Information Security, Secure Value, Secure Web Development, Small Business, Speaking Engagement | Permalink | Comments (0) | TrackBack (0)

Technorati Tags: Application security, Security, Security Scanners, Software development process, Vulnerability scanner

08/31/2009

Secure Value by Understanding Your Customers' Data Protection & Compliance Issues

Be aware of your customers' data protection concerns to help build trust

Alphabet Soup II,
originally uploaded by cdw9.

All of these government regulations stand in the way of gettting things done sometimes ... FERPA, HIPAA, HITECH, COPPA ... but understanding your customers' data protection needs as they relate to government compliance is a path to build trust.

While I was in Boston at the Campus Technology Conference I picked up a couple new followers to my Twitter account from the Other Side Group. The Other Side Group is "a marketing and new media firm that helps organizations in the higher ed and non-profit spaces learn about and implement new communications techniques." Their focus on higher ed and passion for non-profit work caught my attentino so I've been following their blog.

I managed to eke out a decent comment on their blog to an entry they had written on Legal Issues and Social Media Use in Organizations and they repost it as a guest entry Follow up: Legal Issues and Social Media.

The key takeaway on my comment was "when you are dealing with a regulated business in areas that touch on protected data take some time to understand the issues. " That fit the Other Side Group's work in higher education but it translates as important advice for anyone working in almost any business to business entity today. Your customers care about protecting their data. You had better care about it, too.

Posted at 09:45 AM in Compliance, Secure Value, Small Business | Permalink | Comments (0) | TrackBack (0)

Technorati Tags: Business, Higher education, Marketing, Marketing and Advertising, Social network

08/17/2009

Starting Your Own Business?

A downturn in the economy is a great time to start your own business.

Newsweek reports on the history of some big businesses like Microsoft and FedEx who started in downturned economies. My advice as an entrepreneur who works with enterprenuers is "GO FOR IT", but of course do it with intentinoal security that fits your business.

From the article:

"Big businesses are the ones doing the cutbacks and the outsourcing," says Northwestern's Shein. "They have a right to, but it's small businesses that are providing the jobs." In fact, small businesses created roughly 80 percent of new jobs in 2005, according the U.S. Small Business Administration's most recent data.

Posted at 10:59 AM in Secure Value, Small Business | Permalink | Comments (0) | TrackBack (0)

Technorati Tags: Business and Economy, Small business

08/11/2009

Pain of Discipline vs. Pain of Regret

Image by afagen via Flickr

Secure Value by making decisions and investments to account for risks before they become real negative events.

Secure Value posts have slowed down the last two weeks. I coach a 9 and 10 year old football team. I have to confess that my blogging time has been spent getting 16 boys ready to play football. Though I've been busy getting them ready to block and tackle my mind hasn't stopped thinking about the information security game or helping small and medium enterprises stay fit for their own battle.

Last night we were working through the details of a blocking drill. As a coach we tell our kids that you can make a choice ... you can suffer the pain of discipline now or suffer the pain of regret later.

And I realized that information security is the same thing. We don't want to spend the extra time to think up a stronger password, backup files, convene an information security committee meeting, write policy or invest in a firewall. All those things are pain of discipline actions. It will hurt a little bit now but help us avoid it hurting a lot later.

And hurting later includes the greater of the two pains, like the pain of regret. Like when we lose the key proposal or a customer contract to a bad sector on a laptop or server. Or when a client asks us to prove we have a security committee and follow whatever alphabet soup regulation they are accountable to. Or when our weak password is easily guessed and your business penetrated. Or when you have to terminate an employee for inappropriate behavior but can't produce the policy he violated. Or when ....

So take the time to hustle in practice and study your playbook at night ... Oh, sorry ..

Take the time to invest in your future and endure the pain of discipline by considering information security's role in your business and avoid the pain of regret that comes with the impact of a future predictable risk.

Posted at 12:55 PM in Information Security, Information Security Basics, Secure Value, Small Business | Permalink | Comments (0) | TrackBack (0)

Technorati Tags: Information security, Policy, Security, Small and medium enterprises

Secure Value

Secure Value focuses on information security issues that impact the value of start up and growth oriented small and medium businesses.