According to the Aujas information security experts, these are the five crucial security topics that should be on the radar for business executives in 2011:
Data Governance and Data Leakage Prevention (DLP) – Some executives believe their employees know exactly what data should be protected and what data can be shared via website, conversation or social media. These executives have a false sense of security. Many companies still do not have a strong data classification program or policy in place to educate employees on what is critical to an organization and what is not. Some execs may also think that having a DLP tool and plugging it in is the answer. That’s like plugging in a power saw and saying you can build a house! Having a tool and knowing how to use it effectively are two different things.
Tip: Find a champion to drive your data governance and loss prevention initiative. If your company has a CISO, this person is the most logical one to take on this role. If not, you can assemble a small team of stakeholders to work with guidance from a third party who specializes in information risk management.
Application Security – With so many applications being developed and used in companies of all sizes, some are being created without security in mind. Some technology companies have a need to be the first on the street with a new application and are bypassing Security Development Lifecycle (SDL) protocol. They are thinking about security after the application is released and, sadly, are finding that they are spending more money to fix the application.
Tip: First perform a penetration assessment on your company’s critical applications to identify vulnerabilities. Then be proactive! Create a framework in which security is part of the SDL.
Social Media – The intentional and unintentional release of sensitive information via Facebook, Twitter, etc. can affect your company’s bottom line. Your intellectual property may wind up on an underground website or, if your secrets are shared with the world, you may not be first to market with your new product or service.
Tip: You don’t need to declare social media off limits to your employees. It is an important business tool that is not going away. You do, however, need to understand the risks of social media, and make users aware.
Cyber Security – Over the past year, more organizations have come to understand that there is a very real cyber security threat in the US and that the US Government cannot take care of every threat-related issue. Your company needs to develop a strong internal and external security programs to protect it.
Tip: Putting in place a robust information risk management (IRM) program is essential so that your stakeholders understand the people, process and technology risks and how they can affect your access, availability, and agility to conduct business.
Phishing – Hackers continue to use phishing, a type of social engineering, to solicit information from individuals. Though the incidents of phishing were down in the second half of 2010, the attacks continue to get more and more sophisticated.
Tip: Perform a phishing diagnostic so that you are aware of the threat, specifically who in your organization is susceptible to this type of attack.
Aujas can help your company manage risk from these threats. Contact Karl Kispert, our Vice President of Sales, to learn more. He can be reached at karl.kispert@aujas.com or 201.633.4745.
Related Articles
- Phishers Target Social Media, Are You the Victim? (aujasus.com)
- The Business Case for Secure Development Lifecycle (aujasus.com)