Who is responsible for your information security practices and why? If you are the business owner, CEO, or other key executive have you discussed with the individual or organization what your information security goals are? I am not talking about a technical discussion but rather a discussion in business terms. Are there defined security standards to which the organization adheres? Is information security become part of the business culture?
Too many business leaders don’t find a discussion necessary and assume that their input is not necessary or the conversation too painful to manage. Having spent a career dealing with information technology and security personnel I can relate. However when your input is not part of the conversation don’t assume that anything is secure. Don’t believe what your “expert” tells you unless its been verified.
Now perhaps you are a large organization and as the CEO you are too busy to deal with the techies. Your CIO or CISO are boring and you believe you’d be more productive painting your dog’s nails. Well there is a long list of CEO’s and board members that might wish they were more involved. The latest attacks at Target Corp and Neiman Marcus are more of the same.
Hackers are sophisticated and operate in ways most organizations don’t understand. Their probing, testing and theft happens over long periods of time. It’s not like a theft at a storefront or bank. Hackers rely on being stealth and their activities can last months or even years. They are operating within your company walls from far off places on the other side of the world and your security operations staff has no idea this is occurring.
Most organizations find out about their compromise from law enforcement as they investigate criminal activity on a global scale. However it’s still your problem. Unless your hack is a matter of national security the amount of cooperation you receive from the FBI or USSS will be negligible and may be non-existent. Its not that they don’t want to help but these agencies are focused on national security and money supply and their resources are stretched.
So you’re a small business and you believe that you are off the grid, out of the loop. Well that is not the case. Depending on how events are tracked and who is reporting statics show that about one-third of all attacks involve small business
and sometimes these “attacks” come from inside the organization. That may be shocking to a small business owner but small business is easy prey. As a small business owner you should be asking all the right questions since your banking accounts, operation, customer information and reputation are at risk.
Often the hacker can penetrate a small organization because the architecture is flawed, devices are not properly maintained, patches are not applied, and no one is being held accountable. As a small business owner you must be involved and must be asking the right questions.
Network Management Solutions has been helping companies address business driven technology issues since 1996. We are currently serving a variety of customers within New Jersey, New York, and the surrounding metro areas of New York and Philadelphia.
Please contact NMS to schedule a free one-hour no obligation consultation to discuss your concerns. We will provide expert advice in simple business terms on how to best address your issues through NMS or another provider. NMS can be reached by phone or email at 908-232-0100 or firstname.lastname@example.org. More information on Network Management Solutions can be found at www.nmscorp.com.