Tuesday, May 25, 2010

Guest Post - Ricky Peterson - Top Trends in Information Security - How safe you really AREN'T

Ricky Peterson was a Spring Research Analyst at Fortalice® LLC and is a student at Immaculata University.


TEASER/TITLE: How safe you really Aren’t  

SUMMARY PARAGRAPH: In this time of economic instability, information security is being pushed to the forefront at many companies. The economy has caused the incidence of information and identity theft to increase substantially. Studies show that most companies are “protecting the information function from budget cuts,” which is a hopeful sign, but is it enough? The most recent Global State of Information Security Survey says that, although information security budgets are not being slashed, CEOs are expecting much more from them. This could pose a problem if the CEO says “make it work” and then leaves the security personnel to do what they please. Does this seem unlikely? According to an article from Computer Weekly, there is a major disconnect between information security personnel and the upper management of the company. According to the Ernst and Young global security survey, almost one-third of information security professionals never meet with their board of directors. CEOs need to take a more active role in the security of their information.

KEY FINDINGS

Fraud
Identity Theft
Phishing
Global Visibility
How Secure am I?
Compliancy
Cost
Social Networking Fears

RECOMMENDATIONS

Two-factor authentication
Encryption
Hosted security
Internet filtering
Low footprint anti-virus

BACKGROUND

For as long as companies have had information security, budget has been a problem. Many companies believe that their information is protected enough. Others reason that there are bigger companies out there, so why would someone try to steal their information? Thoughts like these cause companies to put information security on the chopping block first. A statistic from spendonlife.com reveals that identity theft affected over 10 million people last year. This shows us that information security is not a trivial matter. Another matter to watch closely is social networking. This is a concern due to the unprecedented growth rate of such sites. Information may be leaked intentionally or unintentionally via social sites. For example, an overenthusiastic Microsoft employee recently let a few details about Windows 8 leak via a blog site. He more than likely meant no harm, but the consequences of his actions may be detrimental to the company. Attacks against your networks and computers must also be taken into consideration. Many companies are moving away from on-site server banks and toward virtualization and cloud computing. Many experts suggest that this will aid in security and data loss prevention.

STRATEGIC PLANNING ASSUMPTIONS:

Virtualization
Malware
Offsite information storage

ANALYSIS:

Based on research, the two biggest concerns for 2010 are the growth of social networking and the lack of funding. Social networking is a hot topic within companies this year. With the massive growth of blogs, Twitter, Facebook and LinkedIn, it’s hard not to take notice. Many companies realize the potential for marketing and PR if they utilize these sites. Allowing employees to use these sites can also improve employee satisfaction and improve the company's reputation as a hospitable and ethical place to work. The problem that arises is how to keep employees from publishing things that should not be public. For that matter, how do they keep employees from using social networking sites to connect with other companies and maybe sell trade secrets, or from being coerced into taking a job with another company and carrying vital information away with them?

The other big concern is funding. The usual trend is that when the time to write the budget comes around and something, somewhere, needs to be cut, information security is at the top of the list. The reason is that it is hard for a CEO to see the long-term benefits of a concrete security plan. Since information security has no monetary return, the only tangible thing is the funding going out. If an information security department is serving its purpose well, then there appears to be no reason to have one. If it is doing poorly, then the company may question why it is shoveling money into something that is not working.

IMPLICATIONS:

Social computing can help and hurt your business
Unnecessary budget cuts can cause great harm to your company
Cloud computing can help protect your data, but be careful
Information theft occurs far too often and it can happen to you
Being too strict in regards to social networking may hurt more than you think

RECOMMENDATIONS:

Create a plan for your company regarding social networking
Let employees know what they can and cannot say or do
Be reasonable in your restrictions but firm on your rules
Allowing some freedom may be great networking for your business
Just because you haven’t been attacked yet, do not think yourself immune
If budgets need to be cut, do not look to information security first
If they can be cut elsewhere without causing too many problems, avoid restricting information security as much as possible
Cloud computing and outsourcing servers to other companies can help protect vital data by storing it in numerous places
Be sure to check the company you are going to do business with
Make sure they are reputable and have solid machines and security
If using local servers and computers, invest in a low-profile antivirus
This type of software does not hoard computing resources and protects your systems while still allowing your employees to be productive

SOURCES:

Global State of Information Security Survey

CIO Magazine

Enterprise Systems

Computer Weekly

Symantec

Ernst and Young

SpendonLife.com

Maximum PC
