Why Companies & You Should Care About Security
By John W Currie
Attackers are motivated to make money the easiest way possible. Stolen identities, bank accounts, credit cards and email addresses are easily sold online. Symantec estimates that this is a $7 billion dollar industry.
Most businesses collect, transfer and store personnel information about their customers and employees. More information than they actually require. Recently in the news some of the largest organizations have succumbed to these attacks and it has cost them both in terms of money and customer trust.
Malicious code continues to grow rapidly and according to both McAfee, unique instances of malicious code well exceeded $2 million in 2009. Today’s malware is sophisticatedly designed to steal information that can be sold for a profit. For example, many instance of malicious code includes keystroke loggers collecting passwords, social insurance numbers, credit card numbers and online banking information.
So what can we do to protect ourselves and our critical information?
First, if you are a customer, start questioning the vendors or organizations who are collecting your personal information. Organizations should be prepared to answer your questions and have already carefully scrutinized their data collection process. They should have a privacy policy and be able to tell you where, why and how long your information will be stored. If you are not satisfied with the answers you receive, look for another vendor.
If you are a customer, proceed with caution when entering information online and ensure the web site is legitimate and using secure socket layer (SSL). Regular web page addresses will begin with the letters “http”. However, when a security conscious organization wants you to purchase from them, they will establish a secure connection which is identified when the address displayed begins with “https” – the “s” at the end lets you know the page is using SSL. A “lock” icon will also usually be displayed in the lower-right of the browser window if you are using internet explorer. You can click on this icon to read more details about the site’s security.
Criminals use fake web sites in phishing and pharming attacks can make it difficult to distinguish. Keep in mind, your data and privacy is important and when in doubt, error on the side of good judgment. It is essential for anyone using the internet to always maintain a current and up-to-date antivirus program that can automatically detect suspicious sites and malicious code. Security products, like Symantec’s Norton 360, help make this easier with embedded safe web site notification features which are integrated with your browser.
If you are a business, take security serious and ensure you have a security expert on your team. For larger organizations this may be a fulltime employee while smaller organizations will want to outsource to balance costs. Either way, information technology security requires an expert and you will be saving yourself a lot of money and embarrassment by ensuring you have this resource protecting you.
Secondly, limit the storage of identity-related information to that which is absolutely essential. If a credit card or bank information is only needed for a single transaction, purge once the transaction is completed. If identity related information is required for repeat business, ensure that information is encrypted. Just as any information being transmitted online should also always be encrypted.
Unfortunately, web sites are often developed quickly and with little concern for vulnerabilities. Today’s attackers search the web looking for weak web sites to infect with their malicious code. It is essential that web site owners and developers have their software tested for vulnerabilities and regularly scan their websites to ensure that they are not infected.
These are only just a few of the things that individuals and businesses can do to protect themselves. As attackers continue to find creative ways to acquire information, it is important that everyone stay current on the most recent security protection techniques.
About Currie & Wiltshire
Currie & Wiltshire’s IT Security and Remediation services help guide you through the complexities of IT security and risk management. Their IT Security experts and professionals have achieved the highest professional certifications and have a proven track record in the financial, securities, services, education, and telecommunications industries backed by over twenty-five years of service to large, medium and small business in North America. They can help you detect, report, and correct critical security and control issues. If you have recently completed a PCI audit, they can also help you quickly remediate identified vulnerabilities to ensure compliance. For information on this and other services offered by Currie & Wiltshire, visit http://www.curriewiltshire.com or call 416-748-8383 ext. 2
Article Source: http://EzineArticles.com/?expert=John_W_Currie
http://EzineArticles.com/?Why-Companies-and-You-Should-Care-About-Security&id=4651799
