Key 2011 Hacker Prevention Lessons

Guest post by: Dovell Bonnett

Article Overview: I recently came across the article “Top hacker disasters of 2011”, written by David Aitel of Immunity Inc. David has put together a brilliant article that lists some of the high-profile attacks and five lessons to be learned. One key point to notice in the article is that no single point of security failure caused these companies’ breaches. The points of attack ranged from technology being cracked to poor security practices within a corporation. After reviewing David’s five lessons, I wanted to comment on each to add a little more insight.


In Lesson 1: Protecting critical data, David points out how the RSA SecurID token was hacked. He also discusses the fact that most executives do not even know what critical information is in their databases, and the need for a chief information security officer (CISO). While I agree with this, the other takeaway is that security technology alone cannot protect the company. Anything created by humans can eventually be broken by humans, given enough time, resources and money. This is what happened with the RSA SecurID token.

In Lesson 2: Segmenting your network, an additional point I would add is to segment the data stored on the network into confidential and public. With the data segmented into these two classifications, security can be designed to meet the specific needs of each. Segmentation will also keep costs down. Why pay for high encryption to secure a press release? You also want to segment employees into groups according to what data they are and are not allowed to access.

In Lesson 3: Security leadership, having a point person for security is becoming more and more important to corporations. Security is now being discussed at the board level and within executive meetings. This CISO, who is responsible for overall business data security, should report directly to the CEO and CFO.

In Lesson 4: Audit your periphery, David talks about the importance of auditing your website for security holes if it contains sensitive information. However, this is true for corporate networks as well. Companies need to set up a plan for how they will respond when there is an attack. Sadly, the industry has come to the point where there are two classifications of companies: 1) those that have had a security breach; and 2) those that don’t know that they have had a breach. While all the best planning in the world will not prevent a breach, it certainly will help lower the cost and time it takes to recover from the attack.

In Lesson 5: Don’t share passwords, I agree with all that David has said about the length of passwords, the combination of characters, letters and symbols, and the use of multifactor authentication like a smartcard or token. I also want to add: don’t write passwords on sticky notes and post them on the monitor. However, one point that is often overlooked is that the password security policy created by the CISO can itself lead to a weak password authentication infrastructure. Employees will circumvent security for their own convenience. That is why I suggest a company also have a secure password management application, so that employees do not have to know, remember or even type passwords into sensitive networks, applications, computers and websites.

And while David talks about 2011, I fear that 2012 is not going to be any better in safeguarding companies from data attacks. With all the different federal and state privacy laws in place, companies can’t afford to be lax about their data security anymore.

Access Smart has started a new Security Technology Partners program. With all the different components required to secure data, we are listing technology partners who offer security solutions other than password management. We look at four different points of vulnerability and then match each with the partner technology that addresses it. While no one partner has the complete solution, it is the combination of these different technology partners together that creates an environment that will protect your company from a data attack. To learn more about our partners program please visit our website.

Article Tags: identity theft, internet security, password management, smart cards

About the Author: Dovell Bonnett

Founded in 2005 and headquartered in Ladera Ranch, California, Access Smart delivers Access-as-a-Service (AaaS) solutions by way of a password manager for Windows authentication to reduce the risk of cyber-attacks. Access Smart implements AaaS using contact or contactless smartcards, magnetic stripe or 125kHz Prox technologies. The value that Access Smart brings is more security functions and affordability on a single employee ID badge.

Security does not have to be cumbersome to be effective. That is why our products are designed using state-of-the-art security technologies while focusing on ease of use and low cost of ownership. Previously, smartcard technology was only available to governments and Fortune 500 companies. Access Smart has turned that model upside down by matching the technology to the needs, with no annual subscription fees and fully transferable licenses, to keep security affordable even for businesses with high employee or student turnover.

The Access Smart team has over 50 combined years in the smartcard and security industry. By addressing the very real problems from a systems mindset, Access Smart delivers everything for a company to implement AaaS within hours and not months/years.

Please contact Dovell Bonnett at Access Smart to discuss how best to implement Authentication, Authorization and Non-Repudiation in your business. Access Smart - The Alternative to PKI.
