The Hacker Prevention Checklist


The key elements that IT executives should be reviewing are as follows:

  • Access rights – as mentioned above, access rights need to be tied to particular jobs (or tasks or positions). Access rights need to be tightly defined, controlled and kept up to date.
  • Firewalls and sandbox – there are a number of technologies such as these that provide the basic security protection. IT executives should have the security team verify that all the protections are in place and that all unused ports are blocked to prevent malicious activities.
  • Encryption – encryption of data at rest and in transit is one of the best ways to make sure data is protected from unauthorized use. The impact of encrypting data is minimal these days while the payback can be tremendous. If Sony had encrypted its data, the breach would have been a non-event.
  • Secure applications and data vs. devices – the authorized devices should always be secured no matter who provided them but, more importantly, the applications and database, which are the crown jewels, are the components to be secured the most. There should be passwords required to get into applications and databases that have confidential corporate and/or personal information in them.
  • Patches – patching software is a way of life. It is not easy to keep current but companies must be as aggressive as possible to keep up to date and thereby prevent attackers from gaining access through known software flaws.
  • Security operations control (SOC) – while it may be obvious to all to have an SOC to monitor potential malicious activity, many companies fail in this regard. Target’s SOC was asleep at the switch and allowed the breach to continue for months before the problem was noted.
  • Attachments – email attachments are a great way for hackers to gain access. Attachments from junk mail should be stripped from the email before being delivered. This automatically prevents naïve users from accidentally opening a file they shouldn’t.
  • PC and smartphone wipes – before PC disk drives (or other drives) and smartphones are returned or discarded, they need to be wiped clean. At a minimum three wipes should be done, but using the Department of Defense seven-wipe method is far superior. Failure to wipe the devices means that the new possessors of these units will have unfettered access to company data.
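
For the Attachments item above, this sketch shows one way a mail filter could strip attachments from messages already flagged as junk before delivery. It is an added example, not part of the original article; the `X-Spam-Flag: YES` header convention, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

SPAM_HEADER = "X-Spam-Flag"  # assumption: an upstream spam filter sets this to YES


def strip_parts(part, removed):
    """Recursively drop attachment parts from a multipart container."""
    if not part.is_multipart():
        return
    kept = []
    for child in part.get_payload():
        if child.get_content_disposition() == "attachment" or child.get_filename():
            removed.append(child.get_filename() or child.get_content_type())
        else:
            strip_parts(child, removed)  # descend into nested multiparts
            kept.append(child)
    part.set_payload(kept)


def strip_attachments_if_junk(raw: bytes):
    """Return (message_bytes, removed_names); non-junk mail is returned unchanged."""
    msg = message_from_bytes(raw, policy=policy.default)
    if str(msg.get(SPAM_HEADER, "")).strip().upper() != "YES":
        return raw, []
    removed = []
    strip_parts(msg, removed)
    if removed:
        # Record a count only: file names are sender-controlled and stay out of headers.
        msg["X-Attachments-Removed"] = str(len(removed))
    return msg.as_bytes(), removed


def constructed_sample(junk: bool) -> bytes:
    """Constructed test message with one attachment (not real mail)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Invoice"
    if junk:
        m[SPAM_HEADER] = "YES"
    m.set_content("See attached.")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="invoice.exe")
    return m.as_bytes()


if __name__ == "__main__":
    out, names = strip_attachments_if_junk(constructed_sample(junk=True))
    print(names)
```

The body text is preserved and only the attachment parts are dropped, so a message wrongly flagged as junk still reaches the user in readable form.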

Summary

No one can expect zero risk exposure any more, but that does not mean one should not try to minimize the risks. Every company has customer and financial records and intellectual property that need to be secured. Failure to do so exposes the firm to negative press, impacts brand loyalty and potentially can result in fines or lost revenues. Whether they are Board members, business owners or IT executives, all have a fiduciary responsibility to make sure the company is protected as much as is reasonably possible.

Protection of customer and corporate data is a fiduciary responsibility that cannot be ignored or offloaded. Small business owners and IT executives need to constantly monitor privacy and security status and ensure that the company’s risk exposure is within an acceptable range. The nature of attacks and recent breaches show that well-financed actors are involved – from criminal elements to corporations to government agencies.

The attack vectors will continue to become more complex and sophisticated and enterprises must keep raising the bar. Small business owners and those with IT executives must ensure the company has a culture focused on privacy and security and execute governance initiatives that are measured, monitored and reported. Awareness improves compliance and minimizes risks.

Questions? Ask Cal: cbraunstein@rfgonline.com
