November 23, 2009
Recently in the Kansas City Business Journal there was an article about data theft and the insurance options out there. It is nice to see someone finally bringing this issue to light and I hope this will make people realize that the threat is real. Over the past few months, I’ve spent a considerable amount of time trying to educate my clients and prospects on the need for this type of coverage but many business owners still think they are immune to a data theft.
To read the entire article, click here.
October 28, 2009
A thief recently stole credit card numbers from a local pub at the corner of 151st and Metcalf. The owner of the pub is worried that this event will cost him customers and ultimately put him out of business. In my opinion, events like these are only going to become more prominent and cause more small businesses to be shut down unless they start to take their security seriously and prevent these attacks from happening.
To read the news story, click here.
July 23, 2009
As I mentioned in my last post, I’m starting to wonder when people are going to start taking their data privacy exposure seriously. Recently, the city of Johnson County had an employee inadvertently attach a document with 8,600 social security numbers to an e-mail that went out to 49 other employees. The incident occurred July 1st and was reported last week. The city says there is minimal risk of disclosure or misuse of the information, which makes me wonder if they’re sending out notification letters and providing credit monitoring services to the 8,600 individuals whose information was compromised. If they are, this could easily cost them $1,000,000, and if they aren’t, I’d think it would be difficult to sleep at night knowing you could be responsible for someone’s identity being stolen and you didn’t even let them know or offer to monitor their credit.
To read the full article from the Kansas City Star click here.
June 15, 2009
There was an article in the Kansas City Star today that discussed the risks each time a retailer swipes your credit card or you enter your payment information online. According to the article, “over 70 retailers and payment processors have disclosed breaches since 2006.” A bigger problem is that there are also many retailers and payment processors out there who have suffered a breach but aren’t aware that a breach occurred. These breaches are occurring to all types of businesses and most of the businesses who’ve suffered breaches were PCI compliant. According to www.datalossdb.org, breaches have recently occurred at large name retailers Sony, Batteries.com, and SprintNextel. As I have said previously on this blog, most businesses in the United States have very minimal network security. The article goes as far as saying, “the [security rules] are cursory at best and all but meaningless at worst.”
May 21, 2009
I had the privilege of going to Los Angeles 2 weeks ago to hear Dr. Joel Brenner speak on the topic of network and data security. It was a very small gathering and I got the opportunity to talk to him personally after the event. We discussed the misconception that data loss is covered by a business’s insurance policy and that most businesses were unprepared to deal with a data loss. During his speech he informed us that the Chinese and the Russians have already been seen in our electrical grids and in the networks of our major banks to illustrate how real of an issue this is. He offered us some tips for protecting your company’s network security which I’ll share below:
- Identify which information should be protected and for how long
- Make sure to encrypt all extremely sensitive material
- To dispose of sensitive material, shred or make it unreadable
- Do not leave valuable company information unattended in hotel rooms
- E-mail and voicemail passwords must be protected and changed frequently
- All sensitive materials must be removed from conference rooms and chalkboards and whiteboards erased after meetings
- Where possible, conduct background investigations on all individuals with access to sensitive information
- Obtain nondisclosure agreements from employees, vendors, and others with access to proprietary information
These tips were taken from the Department of National Intelligence document Safeguarding Information for the Security Professional. You can get to their website here.