Reference my compilation of articles below for in-depth information on your topic of interest.
Want to be acquired? Get your cyber security in
How well a company has locked down its systems and data will have a direct effect on how much a potential buyer is willing to shell out for an acquisition — or whether a buyer will even bite in the first place, said a panel of cybersecurity experts Thursday.
Section 215 of the Patriot Act Becomes The USA Freedom Act
On May 31, 2015, Section 215 of the Patriot Act, which is the justification behind the NSA mass data collection, expired. On June 2, the Senate approved and President Obama signed the USA Freedom Act. Peter Swire was chief counselor for privacy under President Clinton, among other accomplishments. In this article, Peter discusses the changes that the Freedom Act brings and how it implements some of the recommendations of the review board.
War stories: Companies who have had cyber breaches
Target: After Target had its massive security breach in 2014, sales went down 14%. The company will spend over a billion dollars to cover costs related to that breach. Target was in the news, day after day, and not in a good way. Customers’ attention was focused on thieves’ access to their credit card information rather than on Target’s products and services. To make things more complex, the source of the attack was not even Target’s server. The hackers gained access to Target’s servers through a third-party vendor whose systems were compromised. Now Target is suffering financial and public relations consequences that will last for years. Your business is probably not as large as Target or Sony. But it is well-documented that when small businesses have serious security breaches, they are 60% more likely to go out of business in the next year.
Sony: Description coming soon…
Anthem: Description coming soon…
Microsoft Patches Bug in Group Policy That Had Been There For At Least A Decade
In February 2015, Microsoft patched a bug in Group Policy, the system that allows businesses to push rules to individual computers, that had been present for at least a decade. It took Microsoft a year to construct the fix because it was a design flaw in Windows, not a bug. The flaw goes back to at least Windows 2003, but Microsoft did not release a fix for Windows 2003 because they are about to end support for that version of Windows in a few months.
How not to get slammed by the FCC by WiFi Blocking
An interview with Rick Hampton, a WiFi engineer with 40+ years of wireless engineering experience who currently works for Partners Healthcare in Boston. The FCC fined Marriott for thinking they owned all WiFi in and around their hotels. After paying the FCC a $600,000 fine, they understand that is not the case. Rick explains the DOs and DON’Ts of WiFi blocking. If you run a WiFi network, this is a very good primer on the rules.
Enterprises fail at the basics:
THE BIGGEST SECURITY DEBACLES OF 2014 SHOW THAT ENTERPRISES ARE STILL FAILING AT THE BASICS
The Target breach did not happen because a group of geniuses figured out how to breach the best encryption. Target failed at the basics. See what they might have done better.
Risk Management, Board Collaboration Can Bolster Cyber Defense
The National Law Review wrote an article on the role of a company’s Board of Directors in cybersecurity. The article presents findings from a recent Carnegie Mellon study on the Board’s actual role in cybersecurity and proposes that the Board needs to be actively involved in cybersecurity policy.
Cybersecurity – walking the tightrope
If we would just disconnect from the Internet, get rid of our laptops and smartphones, and stop using cloud services or mobile apps – then things would be secure. Well, actually, even with all that, the answer would be no. The only truly secure computer is the one that was never plugged in or turned on. Cybersecurity is a balancing act. Are you a good tightrope walker?
Network Security Assessment Should Be Part Of Your M&A Process
Businesses and investors are often involved in financial transactions (investments, mergers and acquisitions). This article talks about the consequences of not making information security part of the finance process early on. Although the article does not state this, it applies equally to investments. If you are parting with your money, a network security assessment should be performed. The article says that one reason that assessments are not part of the process may be the next-quarter or short-term view some investors have. This is certainly likely, but another possibility is that there are people involved in the deal (brokers, advisers and the seller) who don’t want to risk that the deal won’t close or the terms will change. For the buyer or investor, it is a whole lot easier to walk away before signing the papers.
IT Pros Turn A Blind Eye To File Sharing
Sixty-one percent of respondents confessed that they have “often or frequently” shared files through unencrypted email accounts, failed to delete confidential documents as required by policies, accidentally forwarded files or documents to unauthorized individuals, or used personal file-sharing/file sync-and-share apps in the workplace.
One head scratcher is that 70 percent of respondents say their organization has not conducted an audit or assessment to determine if document and file-sharing activities are in compliance with laws and regulations.