Data Security; Are Your Company Assets Really Secure?

Is your data secure? Think again. Securing data is unlike any other corporate asset, and is likely the biggest challenge your company faces today. You may not see it, but almost all of your company's information is in digital form somewhere in the system. These assets are critical because they describe everything about you; your products, customers, strategies, finances, and your future. They might be in a database, protected by data-center security controls, but more often than not, these assets reside on desktops, laptops, home computers, and more importantly in email or on some form of mobile computing device. We have been counting on our firewall to provide protection, but it has been estimated that at least fifty percent of any given organization's information is in email, traveling through the insecure cyberspace of the Internet.

Digital Assets are Unique

Digital assets are unlike any other asset your company has. Their value exceeds just about any other asset your company owns. In their integral state they are worth everything to your company; however, with a few "tweaks" of the bits they are reduced to garbage. They fill volumes in your data center, yet can be stolen on a keychain or captured in the air. Unlike any other asset, they can be taken tonight, and you will still have them tomorrow. They are being created every day, yet they are almost impossible to dispose of, and you can erase them and they are still there. How can you be sure that your assets are really safe?

Understanding Physical Security Architectures

Physical assets have been secured for thousands of years, teaching us some important lessons. An effective security architecture uses three basic security control areas. Let's assume you want to create a secure home for your family; what would you do? Most of us started with the basics; doors, windows, locks, and perhaps a fence. Second, we rely on insurance, police protection, and we may have even purchased an attack dog or a personal firearm. Given these controls, you may have taken one more step to provide some type of alarm. Not trusting your ears to detect an intrusion, you might have installed door and window alarms, glass break sensors, or motion detection. You may have even joined the neighborhood watch program in your area. These are the controls everyone uses, and they are similar to the controls that have been used since the beginning of mankind.

Which is most important? Looking at the three categories of security controls used, the first consists of protective devices that keep people out; doors, windows, locks, and fences. Secondly, alarms notify us of a break-in. Finally we have a planned response control; the police, use of a firearm, or recovery through insurance. At first glance it may appear that the protective controls are the most important set of controls, but a closer look reveals that detection and response are actually more important. Consider your bank; every day the doors are open for business. This is true of just about every business, home, or transportation vehicle. Even the bank safe is generally open throughout the day. You can see it from the bank teller counter, but step over the line and you will find out how good their detection-response plan is.

Evaluating your Company's Approach

Now look at your digital assets; how are they protected? If you are like most organizations, your entire security strategy is built on protection controls. Almost every organization in America today has a firewall, but does not have the ability to detect and respond to unauthorized users. Here is a simple test; run a Spyware removal program on your system and see what comes up. In almost every case you will find software installed on your system that was not installed by an authorized user. In the past this has been an irritation; in the future, this will become the program that links uninvited guests to your data. Bruce Schneier, a well known security author and expert writes in his book, Secrets and Lies, "Most attacks and vulnerabilities are the result of bypassing prevention mechanisms". Threats are changing. The biggest threats likely to invade your systems will bypass traditional security measures. Phishing, spyware, remote access Trojans (RATS), and other malicious code attacks are not prevented by your firewall. Given this reality, a detection response strategy is essential.

It's time to review your security strategy. Start by asking three questions. First, which assets are critical to your business, where are they located, and who has access to them? Second, what threats exist? Determine who would want your data, how they might gain access, and where the possible weaknesses in your security architecture lie. Finally, how comfortable are you with your company's ability to detect and respond to unauthorized access. If someone wants access to your data, preventative measures alone won't stop them.

Begin planning a balanced security architecture. Start by adding detection controls to your prevention architecture. This does not mean simply adding intrusion prevention software (IPS), but rather creating a system to proactively monitor activity. Intruders make noise, just like in the physical world, and with proper event management, combined with zero-day defense technologies of IPS, network administrators can begin to understand what normal activity looks like and what anomalies might be signs of an attack. In a recent interview with Scott Paly, President and CEO of Global Data Guard, a Managed Services Security Provider (MSSP), Scott said, "Threats such as worms and new hacker techniques constantly morph, so the most viable model for optimum security is a blend of preventive and predictive controls based on analysis of network behavior over time". By balancing prevention, detection, and response, companies can defeat most of the latest hacker attempts.

David Stelzl, CISSP is the owner and founder of Stelzl Visionary Learning Concepts, Inc. providing keynotes, workshops, and professional coaching to technology resellers. David works with executive managers, sales people, and practice managers who are seeking to become market leaders in technology areas that include Information Security, Managed Services, Storage and Systems solutions, and Networking. Contact us at info@stelzl.us or visit http://www.stelzl.us to find out more.

Conducting a Comprehensive Background Check - Is That Really Necessary?

A comprehensive background check is the process of looking up public records or documents that are compiled by the government and other affiliate organizations, to check on the background of a person. These public records include commercial records, financial records, property records, intellectual property registration and other personal records. A background check is often executed when someone is applying for a job that requires high security profile and trust such institution who opt for this high level of search are airport, law enforcements, bank, schools and hospitals.

Today, a comprehensive background check is only done by the above mentioned sectors, now even employers who wish to hire a new employee do a comprehensive background check on their potential staff. This can give information on the character of a person who is applying for the job is credible or not. Comprehensive background checks nowadays has been an essential tool for individuals, with rampant socializing that has been happening in the online scene today such as online dating and cyber matching, blind dates, and online marriage matches. These types of checks are essential to know more about an individual whom you virtually met. This character checks also helps individuals be protected from con artists, sexual abusers or sex slavery dens among dominant crimes of today. So it is but essential to perform a thorough background check to see whom you are about to date.

As today's generation increases the incidents of both parents working, parents also use this search as a tool in evaluating a person's character especially if they would like to hire a babysitter, choose the right day care facilities and house help. This aids them to find a suitable candidate for the job that could be trusted to be their children, home and family. When it comes to the safety of your loved one's, a thorough background investigation is a must.

A comprehensive background check is also used by government law enforcement agencies to track down law offenders and criminals. It can give away location s where that person is and even the numbers of the neighbors. They also use these kinds of check to get a profile on an individual. As an individual, performing these checks are easy, all you need is a computer and an internet connection and you are free to do your investigative research. Avail of the services of websites that gives extensive results and accurate findings. It is also better if this website has a track record of giving accurate and fast results. So if you're asking if a background check is necessary? It sure is!

Laila Ford

Author at ezinearticles.com

Also at Background Check

Conducting a Comprehensive Background Check - Is That Really Necessary?

A comprehensive background check is the process of looking up public records or documents that are compiled by the government and other affiliate organizations, to check on the background of a person. These public records include commercial records, financial records, property records, intellectual property registration and other personal records. A background check is often executed when someone is applying for a job that requires high security profile and trust such institution who opt for this high level of search are airport, law enforcements, bank, schools and hospitals.

Today, a comprehensive background check is only done by the above mentioned sectors, now even employers who wish to hire a new employee do a comprehensive background check on their potential staff. This can give information on the character of a person who is applying for the job is credible or not. Comprehensive background checks nowadays has been an essential tool for individuals, with rampant socializing that has been happening in the online scene today such as online dating and cyber matching, blind dates, and online marriage matches. These types of checks are essential to know more about an individual whom you virtually met. This character checks also helps individuals be protected from con artists, sexual abusers or sex slavery dens among dominant crimes of today. So it is but essential to perform a thorough background check to see whom you are about to date.

As today's generation increases the incidents of both parents working, parents also use this search as a tool in evaluating a person's character especially if they would like to hire a babysitter, choose the right day care facilities and house help. This aids them to find a suitable candidate for the job that could be trusted to be their children, home and family. When it comes to the safety of your loved one's, a thorough background investigation is a must.

A comprehensive background check is also used by government law enforcement agencies to track down law offenders and criminals. It can give away location s where that person is and even the numbers of the neighbors. They also use these kinds of check to get a profile on an individual. As an individual, performing these checks are easy, all you need is a computer and an internet connection and you are free to do your investigative research. Avail of the services of websites that gives extensive results and accurate findings. It is also better if this website has a track record of giving accurate and fast results. So if you're asking if a background check is necessary? It sure is!

Laila Ford

Author at ezinearticles.com

Also at Background Check

Is Internet Banking Really Safe?

In this article I am going to explain what internet banking is, how internet banking can make your life easier and more comfortable, how to use net banking and what things you should remember while using internet banking to make your online activities more secure and safe from hackers and internet threats.

Internet banking is facility provided by your bank company. This is website based service, you can register for net banking account by applying from your local bank branch. After login to your online internet banking account you can do many tasks like...

1. Send money to your friends and family online without need to visit bank.

2. Pay your electricity bills, telephone bills, insurance premium from your bank account online.

3. Recharge your prepaid mobile and DTH services account.

4. Load money to your debit or credit card.

5. Shop online from many online shopping center that supports payment through net banking.

You might not get all of the above services with your bank, it defers with the different banks. But just imagine, if you can do (most people really need it in their routine life) all this work at home without visiting office and wasting your time for standing in queue, You can spend that saved time with your friends and family, it also saves transport cost to visit the office.

But most common users are not availing this facility with their bank account and most because of the fear of safety. Hence, I have discussed here many tips that can teach you the way to use your online account and make your online transactions safe from hackers.

1. Always use strong login password and transaction password. Don't ever do mistake to keep both login and transaction passwords same. Do not disclose your password to any one, don't write it anywhere just remember it yourself and keep changing it after few weeks.

2. Keep your PC / Laptop virus free and protected with Internet security suite including firewall. Because if your pc is infected with viruses like 'Trojan horse', they might still your keyboard information and hence your username and passwords of internet banking.

3. Do not click on 'remember with this computer' link below login box and do not save your username passwords in your internet browser. Use onscreen 'virtual keyboard' if provided on login form by your banking site.

4. Do not access your internet banking from public place like cyber cafe, and not even from your friend's or office PC.

5. If you get an email asking you to click on link and visit bank site, don't forget to look at address bar and check for the correct url. For example, if you are ICICI bank account holder and receive email saying 'to transfer your account in new most secure system, please click here', you may be redirected to fraud site which looks and behave exactly like your bank site but meant only to steal your passwords. So if it's not icicibank.co.in url in address bar, ignore the site and don't disclose your password.

6. In online shopping, when you checkout for the payment, you will be redirected to your bank site for payment transaction. Here also, don't forget to check for the address bar URL.

7. Immediately inform your bank about transaction alerts you received in your mobile inbox that you have not done.

I am sure that following above guidelines will make your Internet banking experience most secure and you will really enjoy the benefits of net banking.

visit Basic Computer Internet Knowledge for latest tips.

Are Hackers Really Targeting Me?

One of the questions I hear all of the time is "who are these hackers, and why are they targeting me?" Most people erroneously assume that hackers are poorly behaved super-smart kids--geeks that get a kick out of manipulating the system and causing mischief. They envision poorly supervised teenagers sitting around a computer trying this and that until they crack into a system. Many of us remember the movie "War Games" where Matthew Broderick plays a lovable, super-smart high school student who hacks into the school's computers to manipulate his grades, and who accidentally hacks into the Defense Department's war games computer and nearly starts a nuclear war.

Today, hacking is no longer kid's stuff, but a multi-billion dollar industry that spans the globe. Some experts believe that as many as 25% of all computers are infected by hacker's software. Visualize a robot. Mindless, emotionless, silent unless it comes to life. A big part of what hackers do is to turn your computer into a robot. The tech name for this is a BOT-network, actually. Suppose you go on the Internet and download something--perhaps a song, some freeware, a game--you will never know that download is infected. When you click download, you not only get your music, but the download will install hidden software deep inside your computer that will turn your computer into a robot. This software is called a virus, a worm, spy ware, malware, or a Trojan horse. The hackers gather thousands of bot computers into a bot network, and these computers are used to send infected files to thousands of other computers. If the attack is caught and traced, it is traced to you, not to the hacker. There are a few symptoms that your computer is a BOT--mainly that it slows down because the hacker is using your resources, but often you get pop-ups, and the computer starts performing unusually and locking up. Often the ISP (Internet Service Provider) will catch this, and shut down your Internet connection. We have people come in our business all of the time who are incensed because their ISP has shut them down for sending spam. They are always understandably upset, and don't understand until we explain to them that they have been hacked. Once we fix their computer, the ISP will hook them back up. Don't worry, the Internet Police are definitely not going to show up at your door and arrest you for sending spam, everyone knows what is going on here, but your computer MUST be cleaned up before it is put back on the Internet. Your computer is being used to steal identities, and rob people--by a person who may be on the other side of the world! There are actually businesses who sell time on their bot-nets, for bad guys to send their malicious software to thousands of unsuspecting computers! This leads me to the next type of hacker--the phisher.

The main goal of hackers is to gather information to steal money. Phishing is pronounced fishing--and it is the same thing--fishing for information. The phishers have a variety of ways to steal your information, all of which require YOUR action--clicking on something. A main way for phishers to gather your banking information is to send you an email (through a bot-network) that tells you that your banking information needs updating, and that your account has been frozen until you resolve this. You may have gotten such an email, it may be confusing because it is not from your bank. These guys know that among the thousands of phishing emails that are sent, some of the recipients will be customers of that bank. According to the FBI, as many as 3% of the recipients of these phishing emails actually input their bank passwords and pins. With one click, their identity is stolen, and their bank account drained.

Another type of phishing works like the bot-network, you download a file, and get hidden software installed deep in your computer, hidden from view. This type of software is called a Key logger. This creepy software allows the hackers to see everything you type-and remotely see, and go through your computer files. The goal is to find passwords, credit card numbers, names, addresses, social security numbers, email passwords--in other words, your identity. When you log onto your bank account, or type in your credit card number, it is as though the hacker is looking over your shoulder. These identities are gathered and sold on websites to bad guys who will steal your identity and rob you. They are sold in groups--like complete identities (including name, address, passwords, credit cards, and mother's maiden name), partial identities, or just credit card numbers. Sometimes these creeps even have buy-one-get-one-free sales of people's identities! The FBI has a whole department that monitors these websites, and works diligently to catch the cyber-crooks. However, many of them are in places in the world where extradition to the US for prosecution is complicated, often Russia or Nigeria.

I do not mean to give you the impression that you are helpless in this, and that you should never use your computer again! There are ways to out-smart them. First, if you haven't read my articles about hackers and cyber-intrusions, read them. However, I am finding that one of the best new tools to combat key loggers is software where you enter your log-ins and passwords (and credit card numbers), and when you need to log in or enter your passwords, pins, credit card numbers, name, address--anything that can be stolen from you, the software automatically enters it in an encrypted format. You never type this on your keyboard so the keys can't be captured, and if the bad guys can see your computer, what they see is encrypted. We also recommend that the time has come to make your passwords tough to crack--long, a combination of numbers and letters, unpredictable. For example, your first grade teacher's name followed by a number combination followed by the name of a river you know. I know this is hard, but it is important to have unpredictable and long passwords as a part of your cyber-safety routine.

This problem is not going away, in fact it is slated to get worse. Hackers are not only targeting individuals, but governments, banks, and large companies. So strap on your cyber-pistols and meet those creeps on their own turf--knowledge!

Dennis Kilcrease brings extensive experience in some of the finest military installations in they country to his clientele. This experience includes Chief Network Engineer for Army Space Command at Peterson Air Force Base in Colorado, the SIPRNET email project for top military brass at the Pentagon, as well as industry experience with international companies such as General Dynamics and SI International.
Dennis now owns Computer PRO, located in Silsbee, TX, where he offers a full range of computer services.
http://www.computerprotexas.com