Cyber Risk No. 1: Loss Or Theft Of Confidential Information

Cyber risks are a growing concern for every company, no matter the industry. The storage and transfer of data have become necessary parts of doing business, and “putting it out there,” so to speak, increases the chance of a hack-attack. 
File sharing in particular is a major concern for organizations concerned about their sensitive or proprietary data.  With services like Dropbox, Google Drive and Microsoft’s SkyDrive gaining traction daily, IT professionals need an effective way to manage and monitor the flow of their data.  It’s for this reason that both our Harbinger and Nemesis services include a dedicated file sharing category, giving you the ability to control the transfer and integrity of your data.
This month we’ll be looking at three cyber risks most often identified by companies open to disclosure. The first risk is loss or theft of confidential information, which has become even more of a concern for companies and individuals in this post-NSA PRISM world. 
Each year, security threats continue to be more costly and require greater vigilance, as evidenced by a recent settlement that cost Sony more than $383,000 in UK-based fines for a 2011 breach of its PlayStation Network. Nintendo also faced similar issues in June of this year with more than 15 million hacking attempts resulting in 24,000 breaches in a single month, according to CBR Online.
The average cost of a breach lasting 3-5 days for a small company is $35,000 – $65,000. For a large company, that number grows to a staggering $400,000 – $840,000. If at first glance those figures seem high, consider the cost of the following: time spent responding to the incident, lost business, lost assets, and reputational damage, and that’s before any compliance issues or fines.
The more your business grows, the more likely it is to attract the interest of cyber-attackers. So what can you do to protect yourself?
1. Pinpoint the associated risks for the types of data that are important to your business. 
2. Define your security policy. 
3. Implement.
4. Review and revise.
Final word of warning: don’t think this is one-size-fits-all. Prevention is dependent on your company’s needs, and could involve establishing Internet use protection, safeguards against intrusion, or remote access safety measures for backing up and accessing data.

Know what you need, and make sure you get it.  For more information about our Harbinger and Nemesis services, visit us at defintel.com

Taking Responsibility for a Data Breach


A data breach can cause both public embarrassment and significant cost to the company involved, as well as employee turmoil and time spent dealing with the incident internally. This can be compared with handling a sexual harassment incident. Both are embarrassing and perhaps costly if handled wrong, and in both cases there is a follow-up surge in training and awareness given to the employees at large, in the hope of preventing another incident.
The big difference between these examples is individual blame and repercussions. There is training and retraining or best-practice suggestions, but who is getting fired? Even if a company didn’t fire the people responsible for the sexual harassment, they would know who to watch for future mistakes, and both sides would know that a second lapse in judgement would be the final one. With a data breach, however, the parties involved may still be a mystery following the incident, and no one would know who to watch or even who to blame when it happens again.
Government legislation forced corporations to adjust their company policies and provide staff training. The high cost of fines and loss of reputation made acting responsibly no longer a choice. It is now common practice for most companies to have a human resources department that ensures sexual harassment behaviour and the punishment for it are written into the corporate policy. Is enough training, combined with clearly defined mandates and consequences, being given to deal with network breaches and data loss?
While the corporation suffers a financial loss and a damaged reputation, a breach can cause the company to lose on so many more levels: financial and proprietary information loss, lost sales, damaged reputation, lost trust from its customers and vendor-partners; the list just goes on and on. So why are organizations not treating this with more importance and aggression?
A security breach is usually attributed to sloppy habits and an irresponsible attitude that leads to behaviour that creates or allows a breach. It doesn’t matter what people use as an excuse for sloppy habits; they need to be tidied up. Right now the attitude of the average employee toward information security is pure apathy. They don’t care and they have no reason to care. They take no personal ownership over the data they handle for the company, so they feel no responsibility, and no one is ever singled out for information security misconduct. People’s thinking would change quickly if there were a red flashing light that went off on their computer monitor, laptop or device when they specifically broke corporate security rules.
Companies should be writing fines and repercussions into corporate policy for incidents such as:
  • opening an email link or attachment that did not fit the proper profile
  • going to a forbidden or untrusted site
  • using a USB from an unknown source
Until we can trace data breaches back, without fail, to the individuals whose behaviour caused them, begin by deterring the behaviour that could cause the breach. Touch that girl inappropriately? You’re fired. Two “red light” incidents at your workspace? You’re fired. Organizations need a more aggressive approach to security, because the whole company benefits and the whole company suffers when reckless and indifferent behaviour is ignored.