BreachExchange mailing list archives

5 Security Holes That Every CIO Should Know About


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 2 Jul 2015 19:19:03 -0600

http://www.inc.com/john-rampton/5-security-holes-that-every-cio-should-know-about.html


Businesses today are aware of the huge responsibility that comes with
protecting customer data. When that data becomes compromised, it puts a
business's entire reputation at risk. Since launching my startup, Due, I've
had to learn what it's like to store a lot of secure data. We do everything
in our power to keep our customers' data secure.

However, even with all of that careful preparation, there are some areas
businesses like ourselves tend to neglect. Those areas leave security holes
that can disrupt an entire business's trajectory. Here are five major
security holes CIOs should know about before it's too late.

Unsecured Mobile Devices

Employees no longer work solely from desktop PCs, connected in an office
environment. Instead, businesses now issue mobile devices to employees,
which they then carry with them almost everywhere they go. Businesses must
invest in technology to keep those devices safe within a network
environment, as well as train employees to use work-connected smartphones
and tablets responsibly. By setting up remote wipe capabilities and turning
on the "find my device" GPS feature on each smartphone and tablet,
businesses can ensure that if a piece of equipment is misplaced, its data
will remain safe from prying eyes.

Transferring Legal Documents

Every year millions of companies face lawsuits. In every matter of
litigation a company may be obliged to produce thousands, sometimes
millions, of documents requested by the opposing party during a process
known as discovery. Alarmingly, the collection and exchange of documents
during discovery is routinely carried out without any level of security.
For many companies the crown jewels are being loosely thrown around without
encryption--easy targets for competitors, criminals, and prying eyes.

A simple way to solve this problem is by centralizing document collection
and dissemination. Through the use of a secure portal like Logikcull, a
business can protect its legal documents while also streamlining the entire
process of discovery. The platform automates the process of discovery--with
safeguards placed to protect a company's data at every phase in the process.

External Hard Drives

While cloud technology has mostly replaced the need for external hard
drives, many of them still exist. Some are still in use, but many are
shoved into drawers and pockets of briefcases, having long been forgotten
about. The problem with these relics is that they may still contain
sensitive data about a business's clients. It's important for businesses to
confiscate any external drives and make sure they're both password
protected and encrypted or, better yet, replaced with a cloud-based
alternative. For example, even with my secure VPS hosting company, we use
SSD and cloud servers to store all the information.

Unpatched Systems

Whether a business is operating with an on-site server infrastructure or
one that is cloud-based, over time it can become vulnerable to a security
breach. This is primarily true if a business isn't regularly patching
systems. Server operating systems should be set to automatically grab the
latest security patches from Microsoft. In addition to server safety,
businesses should ensure that each piece of software they use is regularly
being patched, especially if the software is being used to transmit
sensitive customer data. CIOs should actively research threats and work to
protect a business's servers against them.

Risky Employee Behavior

Employees remain the biggest threat to a business's systems. Workers who
create weak passwords or leave them taped to computer monitors put an
organization at risk. We've even seen problems with employees that are
telecommuting into work as well. CIOs should include employee education as
part of the work they do to protect their systems. This includes educating
employees on the importance of avoiding clicking on suspicious links in
email. Employees should also be trained to safeguard customer information
by sending items securely and entering information directly into the
computer rather than writing it down on a piece of paper.

Businesses trust their CIOs to keep their systems safe. But there are
several areas in which organizations leave themselves vulnerable on a daily
basis. By being aware of these issues and working to prevent them, CIOs can
protect their organizations from problems.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
