Why is security important and why involve the C-suite? Cyber security is becoming an increasingly hot topic for businesses in all industries. We've seen the SEC getting involved with Investment Advisors and Broker Dealers to force improved cyber security controls. The FBI has warned multiple times about cyber security issues and encouraged even small businesses to take action ASAP. So where should businesses start? It starts from the top! Get your executive reporting and responsibilities for cyber security defined properly.
Is your IT department having trouble keeping track of the access rights each user has? It’s a huge job, which makes it incredibly easy for things to get missed along the way. Flawed processes for adding, changing or removing user access rights are responsible for a lot of stories we’ve heard about insider misuse. Take the example of Goldman Sachs where a programmer stole company IP, or a case we blogged about a few months ago where a former employee released sensitive company data after being let go.
Insider attacks are among the most common types of attack that businesses face, but they certainly are the most costly. Malicious insider attacks cost an average of $182,025 in 2014, according to the Ponemon Institute.
Does your business use email? The CAN-SPAM Act is a law that sets the rules for commercial email, gives the recipients the right to have you stop emailing them, establishes requirements for commercial messages, and issues tough penalties for violations.
It can be said that if one data backup, replication, archival and recovery provider is good, more must certainly be even better, right? It could be a smart choice to have a backup for a backup, just in case the first one experiences an issue or ends up shutting down entirely. This, however, is not at all true, based on several findings and key information. When it comes to data protection vendors, one is great because they have sole possession of the data, they have a key understanding of what is going on, and one solid system and process is being used. Having two is still okay, but having three or more is more than likely worse than having nothing at all.
President Barack Obama issued Executive Order 13636, which calls for the strengthening of "Critical Infrastructure Cybersecurity," nearly a full year ago on Feb. 19, 2013. Yesterday, the National Institute of Standards and Technology announced the release of version 1 of a Cybersecurity Framework.
Every company faces this dilemma at some point: an employee must be discharged from their job where they had access to confidential corporate data. The reasons are as varied as the people themselves. Perhaps the discharge is due to corporate downsizing. Maybe the company is changing its focus and the employee’s job has become obsolete. The worst scenario occurs when the company finds an employee doing something nefarious, such as stealing information or accessing confidential data to which they have no business responsibility, such as looking up the personal contact information for a client that the employee wants to date.