Is Your Business Vulnerable to Information and Cyber Security Risks?

Organizations and businesses often operate with significant risk due to an over dependency on reactive risk countermeasures and vulnerability scanning tools. This risk is of concern not only because of the high probability of attack to our IT systems, but also due to the low priority of information security activities when compared to other operational “necessities”. This complex organizational concern, almost assures that information and cybersecurity is NOT given priority until after a significant loss of information or system availability occurs an organization. This risk left unmanaged, subjects all stakeholders to loss of our privileged information and the high cost of system and incident recovery.

The attacks to our systems often target core mission and system services for the purpose of gaining privileged information and for denying access to key services. Gladly for our customers, and us there are risk management solutions that maximize security and provide significant resource and cost savings throughout your business development and operational lifecycle (NOT just when vulnerabilities are discovered). These risk management solutions, once implemented, provide for mission focus and continuous monitoring while also balancing security requirements with business vision, system functionalities, and operational capabilities.

Solutions should integrate businesses own lessons learned with operational activities to fill their own critical Information Security (IS) and cybersecurity gaps. Every business, or peer group, has unique risks that are managed. These solutions have roadmaps and experienced professionals that control the cost and/or complexity of increasing to an increased security level. These experienced professionals’ help in identifying and addressing specific business requirements into policies and plans that support the activities required by both the mission and supporting IS (cybersecurity) standards.

The solutions are implemented using multiple, often overlapping activities and include: 1) Aligning the business mission, vision, goals, objectives and IS value by defining IS requirements early, 2) Provide experienced industry program managers and IS professionals that will work alongside the many stakeholders, 3) Assess requirements and value, recommend solutions, integrate services, and sustain IS value, functions and capabilities to reduce risk, 4) Provide value focused system functions, capabilities, scalability, and performance that improves the mission and reduces risk to the stakeholders, 5) Leverage IS services for continuous monitoring and value added automation.

Risk Management is ultimately related to many projects and tasks that align with your vision and expectation of providing valued services at every level of your organization. Projects have distinct and important phases that are sequential; these project phases’ success or failure directly impact on and ultimately affects the success of the organization. IS is a significantly important piece of many ongoing activities in a diverse and expert environment. A combined program management, systems engineering, and IS professional approach will most quickly maximize mission efficiencies while improving fundamentals needed to meet and implement security controls. Management and technical activities, focused on mission needs, should follow tailored industry best practices to maximize operations, manage risk and be compliant with IS security requirements.

Improving operations and the sustainment of IS is best done from the top down, on both governance and technical levels. This approach has achieved improved operations and has avoided many problems associated with managing both risk and change. With the realization that risks must be managed regardless of the reduction to available funds today, we must view that any resource and cost waste is unacceptable. Thereby, all activities must be run “on purpose” as activities without purpose needlessly add risk and cost to the organization.

Using a tailored program management approach in meeting our security requirements and managing the risk that is always present, our teams must successfully implemented many tools and improvements that put the pieces together to define strategic IS vision, improve IS management and leadership, and improve IS tactical efficiencies.

What to Ask Before You Hire Security Services for Your Business

The main reason is to stop any potential lawsuits from happening! But do you know how many individuals I have talked to about this very thing? Many! Do you know what the majority have told me? They have locks and cameras, so they don’t need anymore security than that!

This is a mess waiting to happen, the reason is as follows. This attitude is the reason things happen in business establishments that prompt major lawsuits from those that get hurt in some way while on the premises or by someone on the premises.

The reasons are as follows:

Hiring/Retention Negligence

Security Negligence

Premises Liability

Fail to Protect

Fail to Provide Security

This starts off with the very first thing you do in business, hire employees without doing background checks on them! One of the fastest ways to get sued today in business is to not check the backgrounds of employees and they turn out to be criminals! Not only can this mean they are stealing from your business, but they can also be stealing information from your clients. They may even be waiting to attack one of your clients; this is where you become liable!

Here is a list of the most viable security measures that you need to look at for your business:

Hiring & Termination Security Issues

Perimeter Security Issues

Theft/Fraud Issues

Information Theft Issues

Money Handling Issues

Access & Egress security Measures

You need to start looking at your security measures for your business now and adapt them where it is necessary to help stop any potential lawsuits from befalling you. Therefore, you have to take the list above and go through each topic to see if it actually impacts you. Then you have an idea of what to change and it should also help you as to how you should change it for the better.

If you do not feel like you can do this by yourself, then you need to hire a competent security consultant to do an assessment of your security measures. This will give you the insight needed to make decisions that will affect your business and the security measures you need to keep that business safe.

Publishing Guidelines: You are welcome to publish this article in its entirety, electronically, or in print, free of charge, as long as you include my full signature file for Ezines. Please send a courtesy link or email where you publish to [email protected] Thank you.

“Why Business Owners Need Security”

© 2004 Gary L. Cunningham

C&M Consulting Services


5 Significant Cyber Security Risks Businesses Should Ponder

In the recent years, it has been observed that many businesses have been rapidly affected by various types of cyber attacks. Companies continue to be under great pressure and strive to keep their information safe and secure. Some of the common security risks businesses continue to face have been listed below:

1. Human factor and peoples’ reactive mindset: The employees working in the business could form the major base for cyber threats as they are more prone to open phishing emails or download links that could turn out to be malware. Moreover, the top level management or people at the C level will be less prone to become malicious insiders. Due to this a serious concern of privilege abuse by lower level employees is more common as they become malicious insiders and measures need to be taken to overcome this problem.

2. Password protection measures play vital role: Businesses should be extremely aware that they should maintain all important business accounts with a two factor password authentication such that it may not be easily hacked. This password needs to be changed and maintained effectively once in 30 or 45 days to keep it more safe and away from any security attacks.

3. Aging Infrastructure and drastic Patch Management necessary: In addition to the above security risks, hardware can also be a major issue as lifecycle of most of the devices is becoming increasingly shorter these days. Purchase only new hardware that can uphold updates such that aging factor can be taken care off. Recent attacks such as the WannaCry and Petya outbreaks have underlined the importance of regular software updates that needs to be taken up. Even for Eternal Blue, it allowed the malware to spread within corporate networks without any user interaction, making these outbreaks particularly virulent. The above incidents do show the importance of protecting vulnerable systems and patching is a key way to do it.

4. Difficulty with Data Integrations: It is interesting to note that the amount of data that flows through an organization could for reasons overwhelm anyone as it contains very critical information. This could be about employees, partners, stakeholders, service providers etc. But integrating various data sources is crucial to have a clear understanding of various risks involved within or outside the organization.

5. Lack of a Proper security recovery plan: Most businesses are still unaware of the impounding risks with cyber security and lack a proper plan to overcome such situations. They need to draft a plan that contains the actions that could be taken up when there is a cyber attack and thus can quickly and efficiently minimize the risk and save information or other economic losses.

How Can Businesses protect themselves?

Certain solutions like SecOps provide superior customer experience along with a robust cyber security. This security product has capabilities of secure operations while focusing on delivering a seamless customer experience. This specific Security and Experience go together approach finds the right balance between the ease of user experience and effectiveness of security protection. These solutions cover the entire software lifecycle, from secure design to security testing in development and QA, app self-protection and monitoring in product and patching. Security is an enabler of new business opportunities in addition to helping protect your company’s people, data, and systems. Cloud Security is achieved through following certain cloud adoption strategies with specific focus placed on security and privacy to improve all operations and make them secure.

How to Gain Appropriate Retail Business Security

Break-ins and thefts are the major concern of every business owner. According to a survey conducted by the National Retail Federation, approximately 80% of the businesses fall prey to employee theft and shoplifting.

Securing your business is much more than taking a few security measures at the inventory level. For instance, you need to think about store level strategies and building level security tactics as well. As you can never be sure of what a would-be burglar is up to, hence, each security plan comes at the same level in a priority list.

Securing your buildings starts with evaluating your premises thoroughly for the risks and taking necessary actions for safeguarding the highlighted areas.

An absolute security plan markedly includes two things. First, Hardware-Driven Tactics and second, Message-Driven Tactics. Hardware driven strategies may include alarms, motion detectors, and security camera systems; whereas message driven approach would be appointing dedicated security professionals and positioning visual deterrents such as displaying warnings. These security blueprints save your hard-earned assets not only during the working hours, but after the store hours as well.

Hardware-Driven Security Approach

One thing to be kept in mind while settling on hardware driven security options is to use a combination of all the well-tested measures like locks, surveillance cameras, and motion sensing alarm systems. Here is a brief explanation of each of these security elements:

1. High-Security Dead Bolts: In the front and the back doors, install high-security dead bolts. This will definitely guard you against any potential attack even when it is done by a professional criminal. The apt choice is commercial grade dead bolt locks that can survive 10 hammer strikes and match up to the standards of the American National Standards Institute.

2. Alarm Systems: If you suspect any ambiguous activity in and around your premises, then investing in the alarms is the most recommended solution. The visible deterrents scare the would-be burglars and forewarn them in their acts. These systems can also be optimized to send customized notification to the law enforcement department.

3. Security Cameras: Using an 'extra set of eyes' would certainly be beneficial for you. The two primary purposes of positioning a surveillance system are: obtaining video proofs and offering apparent deterrence.

Motion sensing cameras record the video only for the time interval during which motion is observed. On the other hand, the normal cameras can perform day-night video surveillance at your location. If you do not have the budget for motion sensing surveillance equipment, then you can also go for their fake versions. One can also choose to mix and match the two, the real HD security cameras and their replicas. While planning the installation, do not forget the exteriors of your business, secluded areas like emergency exits, inventories, parking lots and dimly lit alleys.

Message-Driven Tactics

You can always add a message driven procedure along with its hardware-driven counterpart while developing a security strategy. This will greatly help you cut back on potential crime. A simple example is to tell your customers aloud that they are under CCTV surveillance.

1. Keep an Eye on Customers: Watch each and every face that crosses the front door. You can make this task look more courteous with a warm welcome of your customers. Also, ask your employees to report any ambiguous activity, if they encounter any.

2. Security Guards: If your entrances are guarded by an armed watch guard then, probably the most determined burglars would also change their minds. These guards will warn the shoplifters too.

There is no hard and fast rule about how you use the above mentioned security measures. However, it is advisable to use a combination of all for a fail-proof security.