How’s Your Insecurity Level?

Panama, Paradise, Publicity

P.T. Barnum receives attribution for the phrase “There’s no such thing as bad publicity”.  I think there are a large number of offshore investors who may be disagreeing with that statement this week.  The Panama and Paradise Paper revelations have placed an exclamation point on the importance of an aggressive security posture.  As the game of cat and mouse between hackers and IT escalates it is more important than ever that organizations use every means at their disposal to secure their data.

See you in the unfunny pages

Companies that are caught exposing customer data to hackers may find themselves in a difficult position if they can’t prove to customers, auditors, and regulators that they utilized “best practices” to secure their systems and guard against breaches.  The issue, of course, is what constitutes a best practice in this rapidly morphing landscape?

Your mother was right. You should layer.

In the good old days, it was enough to simply put in a firewall, lock it down and go on your merry way.  Clearly, this is no longer an option.  A true belt and suspenders approach must be adopted to data security starting beyond the edge of the network and extending all the way to the end user community. Many security vendors now have SaaS options in place to identify risk long before it hits your network.  At the very least some degree of email filtering must be in place which employs a “detonation chamber” against which all mail attachments may be tested for malicious code.  The firewall infrastructure should be intelligent and ideally capable of some level of cloud based machine learning to identify unusual behavior which then quarantines suspect devices.

A minimum of two-factor authentication should be in-place and minimum security specifications rigorously enforced.  Our machines must be encrypted, not just at the workstation but also at the server level. Remote access must always be brokered with direct access to a server via the internet an absolute no no.

Smarter machines are all well and good but these precautions are all for naught if we do not also work on developing smarter people and practices.  A security focused education program is a vital step in buttoning up that “final mile” of network security.  As attacks become more and more sophisticated (and frankly transparent) our people must understand how they might be manipulated and what constitutes good security hygiene.

In Case of Emergency…

Sometimes despite our very best efforts our security will fail.  In this event you must already have a plan in place.  Have you addressed your backup strategy and identified how you might recover from an encryption event?  Do you have a notification requirement and is this ready to be activated?  Do you have a solid partner who can work with you through this crisis?

If you haven’t already begun taking a hard look at your security START TODAY.  The issue is not if you will be compromised but when.

Did you find this helpful?

Share it on social media!

Todd received his MBA from Villanova University and his B.S. in Electrical Engineering from Penn State. Prior to joining Adaptive Solutions as Director of Datacenter Operations in January 2008, Todd worked for his own consulting firm for the last ten years providing technical expertise for a variety of large and mid-sized corporate clients including General Motors (Saturn Division) in Delaware. Todd assumed the role of Chief Technology Officer in December of 2012. In his current role with Adaptive Solutions, Todd helps to set best practices and technology standards for the company. Todd also has a wide range of expertise, including VDI, virtualization, and numerous Microsoft technologies, as well as document management. Todd maintains numerous Microsoft Engineer certifications and is considered an expert in the field of server and desktop virtualization.

Leave a Comment