Protecting Your Company From An Online Data Breach
Guest post by: Dovell Bonnett
Why do data thieves attack corporate computer networks? Well, to paraphrase Willie Sutton, it's because that's where the data is. As I said in a previous blog, a data breach is usually done in one of two ways.
A data thief will either employ physical means, such as dumpster diving, social engineering or a simple break-in, or attack via the internet. No business today can afford to be left behind technologically, meaning that in every corporate environment there are computers, networks and electronically stored information.
Electronic files are highly sought after by would-be data thieves for the wealth of personal information they contain. There are HR files, accounting information, customer and vendor lists; the list goes on and on. All of these kinds of records are full of sensitive information which can be exploited for personal gain by data thieves.
As a business owner, you are already aware of how to protect your company from a break-in; however, these electronic attacks are not as well understood or protected against by the majority of companies. The elements that make online data breaches alluring to a data thief are:
1. The thief need not be anywhere near their victim; they can even be on another continent.
2. Just about any information you would need to commit identity theft can be readily found on the web (We will not tell you what these sites are since we discourage the practice).
3. Most companies keep a large amount of sensitive information on file; much of this data is poorly secured.
4. Computers can be an easy entry point to your data, since thieves only need to find one weak point to get into your system.
1. Phishing emails - These are emails pretending to be from a legitimate company, usually asking the victim to verify personal information.
2. Spear phishing - These are emails which are sent to employees of a company purporting to be from management, asking for passwords or information about projects they may be working on.
3. Zombie computers or networks (zombies) - These are compromised computers and networks which contain software that permits data thieves access to the system. These computers may be linked together to form what is called a botnet.
4. Botnet - Once linked together, these botnets are used to perform attacks like denial of service, pay per clicks and spam email. In many cases, the owner of the compromised systems may not know that their system is being misused this way.
5. Bogus websites - Websites which pose as legitimate sites and attempt to trick visitors into handing over personal information; this data is then used on the real site by the data thief.
6. Crackers - Programmers and other highly skilled computer experts who use their abilities to break into networks to find weaknesses to exploit.
7. Wireless network snooping - When using unprotected wireless routers, such as are often found in coffee shops, airports and some homes, hackers may be able to pry into your computer.
8. Cookie sniffing - Hackers will use cookie sniffers to examine all of the cookies you have used and will send this information to their own systems for later use (useful since people generally use the same password for many different sites).
9. Malicious Software - These are various types of software: hijackers, adware, Trojan horses, etc. which act against specific operating system functions, send your personal information to someone outside your system, direct you to bogus websites or any number of other malicious actions.
10. Web Page Hijackers - A small program which redirects your browser to a site other than the one you wanted to visit. This may be to a bogus website attempting to capture your personal information or an annoyance such as being redirected to a pornographic website.
11. Piggybacking Access - This is the practice of breaking into a poorly secured computer on an external network and using this access to break into another network using a legitimate connection between the two networks.
12. People Research Sites - For a fee (usually $40-$80), you can obtain personal information on nearly anyone.
13. Dictionary attack - One of the easiest ways to guess a password. A dictionary file is loaded and since no language has an unlimited number of words, this can often generate the password with relative ease.
14. Hybrid attack - A more sophisticated variant of the dictionary attack, this takes dictionary words and combines them with numbers and/or symbols in an attempt to crack a password protected system.
15. Brute force attack - A brute force attack is one in which a program systematically works through every possible combination of numbers, letters and symbols. The amount of time needed to find the password all depends on the number of characters used in the password.
16. Keyloggers - A type of spyware which records every keystroke made on a computer and sends this information to a remote user. These programs are very difficult to detect with most virus and spyware scanners.
17. Network Sniffers - Applications used to capture network traffic without the knowledge of users on the network. Sniffers are helpful to hackers in finding network weaknesses, which helps them to plan other attacks on a network.
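The dictionary, hybrid and brute force attacks in items 13-15 can be turned around into a password screen that rejects anything those attacks would find quickly. This is an added example, not part of the original article; the wordlist, substitution table, function names and the 60-bit threshold are constructed assumptions.

```python
import math
import string

# Constructed sample wordlist; a real deployment would load a large
# dictionary plus a breached-password list instead.
WORDLIST = {"password", "welcome", "dragon", "summer", "company"}

# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans("013457@$!", "oieastasi")

# Character classes used to size the brute-force alphabet.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def classify(password):
    """Name the cheapest of the three guessing attacks that finds this password."""
    lowered = password.lower()
    if lowered in WORDLIST:
        return "dictionary"
    # Hybrid: a dictionary word with digits/symbols appended, prepended
    # or substituted for letters.
    core = lowered.strip(string.digits + string.punctuation)
    candidates = {core, core.translate(LEET), lowered.translate(LEET)}
    if candidates & WORDLIST:
        return "hybrid"
    return "brute-force"


def search_space_bits(password):
    """Brute-force search space in bits: length * log2(alphabet size)."""
    alphabet = sum(len(cls) for cls in CLASSES
                   if any(ch in cls for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def screen(password, min_bits=60):
    """Return (accepted, reason). min_bits is an assumed policy value."""
    kind = classify(password)
    if kind != "brute-force":
        return False, f"found by {kind} attack"
    bits = search_space_bits(password)
    if bits < min_bits:
        return False, f"only {bits:.0f} bits of brute-force search space"
    return True, f"{bits:.0f} bits of brute-force search space"
```

Each added character increases the search space by a fixed number of bits, which is why password length dominates the time a brute force attack needs.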
You should be aware of the risk of data breaches, but you needn't be paranoid. There are plenty of steps you can take, such as bringing in outside IT security consultants to work with your IT department to assess your security and work to improve it. You should also make sure that all of your software is kept up to date.
Article Tags: Access Smart, breach, data theft, Dovell Bonnett, identity theft, security, threat
About the Author: Dovell Bonnett. Founded in 2005 and headquartered in Ladera Ranch, California, Access Smart delivers Access-as-a-Service (AaaS) solutions by way of a password manager for Windows authentication to reduce the risk of cyber-attacks. Access Smart implements AaaS using contact or contactless smartcards, magnetic stripe or 125kHz Prox technologies. The value that Access Smart brings is to offer more security functions and affordability on a single employee ID badge. Security does not have to be cumbersome to be effective. That is why our products are designed using state-of-the-art security technologies while focusing on ease-of-use and low cost-of-ownership. Previously, smartcard technology was only available to governments and Fortune 500 companies. Access Smart has turned that model upside down by matching the technology to the needs, with no annual subscription fees and fully transferable licenses to keep security affordable to even high employee/student turnover businesses. The Access Smart team has over 50 combined years in the smartcard and security industry. By addressing the very real problems from a systems mindset, Access Smart delivers everything for a company to implement AaaS within hours and not months/years. Please contact Dovell Bonnett at Access Smart to discuss how best to implement Authentication, Authorization and Non-Repudiation into your business. Access Smart - The Alternative to PKI.