Indianapolis computer service indiana it service and network support         L5 Solutions - Blog      // We make IT easy




business security and data loss from devices

Jun 12th, 2011 | Posted by | Filed under Indianapolis IT support

Computer and network security

Do small businesses need to focus on computer and network security? Many think that only large organizations, such as Sony or CitiBank (see ** below), that boast about secure networks and taunt underground hacker organizations need to worry about network and computer security, right…? But what about other businesses, the ones that are local or regional in size and scope? Are they at risk, and are they experiencing the same security failures and incidents?

 

A very telling article I read recently stated 80% of businesses experienced some data loss in the last year due to some security lapse or breach.  I absolutely believe the assertion of the article and the survey results:

  • It indicates that customer information (52 percent) is the most common type of sensitive information compromised in data leaks
  • followed by intellectual property (33 percent)
  • employee information (31 percent)
  • and corporate plans (16 percent)

Are large black hat organizations, such as the Anonymous hacker collective or LulzSec, targeting local Indiana businesses? Not likely. What small and medium-sized businesses need to worry about when it comes to security is internal security threats and, more realistically, lost devices. This is what I see as the largest and easiest hole to plug in the dam to secure company data: simply securing mobile and movable devices that hold sensitive data.

What are the threats, then, and how can devices be hardened to minimize data loss? There are three main devices or device types to address when looking at mobile data and mobile devices.

  1. Laptops – this category includes netbooks, notebooks and tablet devices. Many new laptops have more processing power and storage capacity than servers of just a few years ago. With that increased size and power comes the ability to store vast amounts of data in spreadsheets, documents, mail and other communication programs, etc. So what then is the threat? Should you be worried about being hacked while checking email at Starbucks, or downloading a trojan or virus from a colleague's email? Not really. The most common scenario of data loss for laptops is simply losing the device. A laptop stolen from a car is a common incident that can embarrass companies and compromise their data. When the laptop is lost, it allows hackers (crackers are the bad guy hackers) or criminals unlimited time to break into the device and glean the important data (read important as sellable so they can make money, for instance by selling credit card info to other criminals on the Internet). Simply password protecting your laptop on login does little to secure the device. There are several ways to crack the password in under a minute, or the disk may simply be pulled from the device and read from another computer without making any other changes. The laptop hard drive, or other device, should be fully encrypted so that the disk is unreadable if pulled from the device, and also protected by complex passwords. There are many encryption programs available for a nominal fee that are essentially unbreakable. I state essentially because there is always someone or some government working to crack the latest security software. As an aside, the Chinese government has a large stake in Symantec, which owns PGP, one of the standards in disk encryption and other security software.
  2. Mobile phones and smartphones – tablets can be considered a crossover into this category, and as smartphones increase in power (several models now have dual core processors, etc.) they may be more apt to consolidate into the laptop category. Mobile devices present some of the same issues as laptops but also present different challenges based on their primary uses. Phones do not often hold the same amount of data in documents or spreadsheets, but the user's stored email may contain those documents as well as sensitive communications, contacts, and access to other accounts, such as banking, from downloaded applications. What is chilling about the increasing usefulness of advanced mobile devices is that they are often not protected with even a basic passcode or password. So then, that must be the first step to manage security on mobile devices for business. On top of that, there are applications and utilities available for phones (Android, iPhone, Blackberry, etc.) to lock the phone, encrypt data files if needed and remotely wipe the contents of the device if it is lost. Many applications will automatically wipe the device if an incorrect passcode is entered a set number of times. Obviously you want to have a validated backup routine in place, but that is just another piece of the security and business continuity plan.
  3. Offsite hard drive or tape rotation – this category is slowly shrinking as large Internet connections make online data backup over the wire to offsite data centers possible for redundant backup. The scenario is again similar to laptop data loss. A courier or trusted employee is transporting a tape or hard drive offsite as part of a company's disaster recovery plan and the device is stolen, most commonly from their car. The irony of losing large amounts of sensitive data (what you decided was critical enough to back up) as part of a disaster recovery plan and doing the right thing is not lost on me. Many backup programs can encrypt the backup or at least password protect it, but even password protection is not always implemented by the company. If current encryption best practices are followed, this threat can be reduced almost to zero even in the event of a lost or stolen backup device, because the data on the tape or disk is unreadable without the ability to decrypt it.

 

So we can see that small business is still at risk of data loss, security breaches and other incidents. There are some fairly easy and inexpensive steps to implement prior to a security event to minimize loss and embarrassment. It is well worth the time and effort to go ahead and take care of security before something happens. However, most people and companies still react to security issues rather than prevent them.

 

** Sony has been on the receiving end of multiple hacks (at least 6 times) over the past month or more, and CitiBank has just recently disclosed a major data breach from about a month ago.
