{"id":12145,"date":"2013-02-04T16:40:07","date_gmt":"2013-02-04T21:40:07","guid":{"rendered":"https:\/\/www.saratoga.com\/saratogabusinessjournal\/2013\/02\/becker-data-breach.html"},"modified":"2017-11-08T13:58:27","modified_gmt":"2017-11-08T18:58:27","slug":"becker-data-breach","status":"publish","type":"post","link":"https:\/\/www.saratoga.com\/saratogabusinessjournal\/2013\/02\/becker-data-breach\/","title":{"rendered":"What A Data Breach Costs"},"content":{"rendered":"
By Keith Becker<\/p>\n
\nLegal issues arising from a data breach are
\nin the news almost daily. For all companies, a
\ndata breach has become a means of exploitation
\nfor cyber criminals to extract confidential and
\nprivate information from computers, websites
\nand networks.<\/p>\n
We all now have the wonderful opportunity
\nto use technology to make our businesses more
\nefficient and more widely known. In most cases,
\nthe common users are unaware of all the possible
\ndangers that lie out there while using these tools.
\nThis is very unfortunate as many of these dangers
\ncan cause the company to become liable for a
\nbreach in documentation and resources.<\/p>\n
No one is removed from these attacks and it has become more evident that any company can become a target as the attackers become craftier and more knowledgeable. They are able to use the information against the businesses or their clients as blackmail or even to sell the information to the highest bidder. We personally deal with these kinds of issues on a daily basis, and can never be certain where and when they will strike.<\/p>\n
In the past year, the number of companies that have had their data compromised has grown to become a serious problem. The legal ramifications of such a breach of data can span from very little to very serious consequences financial and legal.<\/p>\n
It is very important to have a method in place both with a good technology services company and a good legal advisor. Below are some security tips that you should follow which are essential to keeping you and your business less prone to attack.<\/p>\n
\u00e2\u20ac\u00a2 Have a strong password of at least 12 characters. No matter how strong an eight-character password is, it can now be cracked in about two hours. A strong 12-character password takes roughly 17 years to crack. Use a pass phrase so you can remember the password.<\/p>\n
\u00e2\u20ac\u00a2 You may want to log activity on USB ports, because it is common for employees to lift data via a thumb drive. Without logging, you cannot prove exactly what was copied.<\/p>\n
\u00e2\u20ac\u00a2 Change the defaults. It doesn’t matter if you are configuring a wireless router or installing a server operating system. In all cases, make sure you change any default values. The default user ID and passwords are well known for any software or hardware installation.<\/p>\n
\u00e2\u20ac\u00a2 Your laptop should be protected with whole disk encryption–no exceptions. Stolen and lost laptops are one of the leading causes of data breaches. Many of the newer laptops have builtin whole disk encryption. To state the obvious, make sure you enable the encryption so your data is protected.<\/p>\n
\u00e2\u20ac\u00a2 Backup media, a huge source of data leaks, should be encrypted. If you use an online backup service, which means you’re storing your data in the cloud, make sure the data is encrypted in transit and while being stored.<\/p>\n
\u00e2\u20ac\u00a2 Keep your server in a secure location and in a locked closet or room. Physical security is essential.<\/p>\n
\u00e2\u20ac\u00a2 Most smartphones write some amount of data to the phone. Opening a client document may write it to the smartphone even if you do not you save it. The iPhone is particularly data rich. Make sure you have a PIN for your phone. This is a fundamental protection. Don’t use “swiping” to protect your phone as thieves can discern the swipe the vast majority of the time due to the oils from your fingers. Also make sure that you can wipe the data remotely if you lose your phone.<\/p>\n
\u00e2\u20ac\u00a2 Wireless networks should be set up with the proper security. First and foremost, encryption should be enabled on the wireless device. Whether using Wired Equivalent Privacy (WEP) 128-bit or Wi-Fi Protected Access (WPA) encryption, make sure that all communications are secure.<\/p>\n
\u00e2\u20ac\u00a2 Make sure all critical software updates are applied. This may be the job of your IT provider, but too often this is not done.<\/p>\n
\u00e2\u20ac\u00a2 Control access. Does your janitor really need access to QuickBooks? Probably not. This is just another invitation to a breach.<\/p>\n
\u00e2\u20ac\u00a2 If you terminate an employee, and immediately cut all possible access (including remote) to your network.<\/p>\n
\u00e2\u20ac\u00a2 Using cloud providers for software applications is fine, provided that you made reasonable inquiry into their security. Read the terms of service carefully and check your state for current ethics opinions on this subject.<\/p>\n
\u00e2\u20ac\u00a2 Be wary of social media applications, as they are now frequently invaded by cyber criminals. Giving another application access to your credentials for Facebook, as an example, could result in your account being compromised.<\/p>\n
\u00e2\u20ac\u00a2 Have a social media and an incident response policy.<\/p>\n
\u00e2\u20ac\u00a2 Let your employees know how to use social media as safely as possible, and if an incident happens, it is helpful to have a plan of action in place.<\/p>\n
\u00e2\u20ac\u00a2 Dispose of anything that holds data, including a digital copier, securely.<\/p>\n
\u00e2\u20ac\u00a2 Make sure all computers require screen saver passwords, and that the screen saver gets invoked within a reasonable period of inactivity.<\/p>\n
\u00e2\u20ac\u00a2 Use wireless hot spots with great care. Do not enter any credit card information or login credentials prior to seeing the https: in the URL.<\/p>\n
\u00e2\u20ac\u00a2 For remote access, use a virtual private network (VPN) or other encrypted connection.<\/p>\n
\u00e2\u20ac\u00a2 Do not give your user ID and password to anybody.<\/p>\n
None of these safeguards are hard to implement.<\/p>\n
Unfortunately, even if you implement them all, new dangers will arise tomorrow. The name of the game in information and network security is constant vigilance.<\/p>\n
Keith Becker is a systems engineer for Tech II Business Systems, Inc.<\/p>\n","protected":false},"excerpt":{"rendered":"
By Keith Becker Legal issues arising from a data breach are in the news almost daily. For all companies, a data breach has become a means of exploitation for cyber criminals to extract confidential and private information from computers, websites…<\/p>\n","protected":false},"author":121,"featured_media":13247,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,32],"tags":[],"class_list":["post-12145","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-business-reports","category-legal-accounting"],"yoast_head":"\r\n