Monday, February 1, 2016

Improving your Security Posture

Everyone, including the author, has plenty of room for improvement in regards to computer, network and operational security.  As people become more computer savvy (or your adversaries know someone that is) users are more exposed to computer security related threats.  There are many tools that make hacking your systems easier for the less skilled, and with very little skill, thieves can access stolen hard drives in minutes.  We rely on computers for everything from banking, commerce and running entire businesses. Laptops contain enough processing and storage to hold years of client and other confidential data.  

One of the biggest problems comes from malware, and the fact that virtually any website or email attachment can silently put your computer under the control of criminal gangs, usually in other countries.   Often these gangs are from Russian speaking countries with sketchy cybercrime enforcement.  These gangs make billions each year compromising the computers and bank accounts of unsuspecting users all over the world. Most business owners are unaware of a compromised system.  If that system is used for online banking, hackers drain the business account which has fewer of the protections afforded to consumer accounts.  This can kill a business and cause personal financial ruin overnight.  Dave <last name redacted>, a security expert in San Diego, has a small document on how to prevent this scenario provided below in the “operational security” section of this.

This article is applicable to everyone but if you are a small business owner, it’s wise to take a look at this article and get your security house in order.  According to a 2012 report from Symantec, the largest growth area for targeted attacks were businesses with fewer than 250 employees, acounting for 31 percent of all attacks targeted.  In some cases, it may become a legal issue if a business isn’t conducting some basic due diligence in regards to security.  If a business isn’t taking what may be considered basic precautions to protect client information, that attorney, accountant, or social worker may have significant legal exposure.