How to hacker-proof your business
Is the information stored by your company secure? Here's how to make sure your confidential data remains top secret.
(Business 2.0 Magazine) -- You're savvy. You've read lots of network security horror stories, so you've taken all the usual precautions. You've installed firewalls, password-protected your gear, and created offsite backups.
But is that enough?
Probably not, because "information security" has practically become an oxymoron. The technologies that make today's corporations more efficient and effective also make them more vulnerable to attack.
Leakages tend to occur at the seams of an organization's defenses: A backup tape falls off a truck on its way to storage, or a laptop loaded with private data vanishes from the trunk of a car.
Targeted threats are evolving as well. The glory days of the lone hacker toiling away in his bedroom are a thing of the past; today's more sophisticated intruders have organized themselves into syndicates to conduct Mission Impossible-style "ops" - they actually call them that - to pilfer information from your network.
Don't count on your shiny new firewall to shield you, because it can't protect all your critical information, and data spills are very costly.
On top of the expense of investigating and cleaning up after a breach, your company may face potential Federal Trade Commission fines, civil liability, state action, and punishment in a competitive marketplace that frowns on sloppy information management.
The cost of alerting customers that you've lost their private information - a procedural requirement in many states - is itself nothing to sneeze at. After a hacker accessed records on 1.4 million state residents, California's Department of Health and Human Services spent $700,000 on mailing costs alone to alert the victims. Add to that the expense of offering your customers free credit monitoring and replacing the ones who flee to competitors, and a breach that exposes a mere 100,000 consumers can cost a company $23 million, according to security vendor Vontu.
The case for preventive medicine is strong. But how can you begin to defuse the threat? Read on for a detailed look at the information security hazards found within a typical office workplace.