ABS Information Systems

    So you feel relatively comfortable that you have created cyber security around your data and your employees are trained to avoid security errors in their day-to-day business ( a MAJOR source of security breaches, by the way.) However, you may be overlooking one area where you are exceptionally vulnerable. What protection do you have from those you do business with? If you are a manufacturer, for example, you may have several vendors who provide components and raw materials. How careful are they about data security? Smaller producers and service providers may perceive themselves as not being a likely hacker target, which is incorrect. Small firms are significant targets for data hacking because they have access to larger firms. They can provide a “digital backdoor” to the firms they sell to.   You need to work closely with all of your vendors to ensure that they are as serious about protecting their systems as you are. If you share digital information with your subcontractors, you o...

    Did you know the illicit trading of personal data was worth $3.88 billion last year? Cybercrime is a growing industry known for its innovation. It goes far beyond the image many of us have of some hacker kid in his basement. Many who engage in this activity are professionals and work in large teams. Some may even be sponsored by governments. If you follow the news, you can find large corporations and even government agencies who have fallen prey to hackers and had massive amounts of data compromised. Unfortunately, this has led smaller firms to feel they fly below the radar. In fact, the opposite is true. Small businesses-especially those in regulated areas such as medical, financial, and legal services-need to be hyper vigilant about security. The cybercriminals' professional efforts will outdo your amateur efforts at security.   As a small business, you are vulnerable for two reasons. First, serious hackers see small business as entrances into larger entities. Small firms tha...

     Any business that stores customer payment information must comply with a number of state and federal regulations. The legal, healthcare, and financial sectors have a number of laws tailored specifically for them (such as HIPAA or CISPA). If you run almost any kind of professional practice or agency you probably have very specific data security requirements. Running afoul of these regulations puts you at risk for legal action and probably means that you have bad security in place.   As a professional, your focus needs to be on your clients and running your firm. Regulatory requirements to ensure data security can be complex and include rigorous testing requirements. Ensuring compliance with the regulations can be a serious distraction for you and take you into territory where your experience is limited.   One of the best solutions is to work with a third party who has strong credentials in the area of regulatory compliance and data security. When you are working with a third party ...

    If you are a smaller Not-for-Profit, it is likely that your organization has been driven from its inception by individuals strongly motivated with a passion for their cause or humanitarian goal. As a result, it is also possible that the leadership has little interest in developing the administrative technology infrastructure that is necessary for any organization to function in the internet age.   Failure to understand and focus on technology can damage an organization's growth and success. However, NPO leadership has to be laser focused on the day-to-day struggles of the organization such as seeking funding, keeping the doors open, and pursuing the mission. As a consequence, technology infrastructure may be cobbled together as an afterthought; resource limitations may lead to short term tech decisions that can be wasteful and more expensive in the long term.   An NPO, with its tight budget margins, is an excellent example of an organization that could benefit from outsourcing ...

    You can have all the locks on your data center and have all the network security available, but nothing will keep your data safe if your employees are careless with passwords.    Change Passwords - Most security experts recommend that companies change out all passwords every 30 to 90 days. Require passwords that mix upper and lowercase, number, and a symbol. Teach employees NOT to use standard dictionary words ( in any language), or personal data that can be known, or can be stolen: addresses, telephone numbers, SSNs, etc. Emphasize that employees should not access anything using another employee's login. To save time or for convenience, employees may leave systems and screens open and let others access them. This is usually done so one person doesn't have to take the time to logout and the next take the effort to log back in. Make a policy regarding this and enforce it. If you see this happening, make sure they are aware of it. These are just a few basic pa...

    The Cloud: Are there security issues?   For many, the idea of offloading their data to another physical/virtual location can seem like a security risk. It seems counter intuitive that moving data away from “ home” is safer. But is that really true? Any server stored at your location is probably more physically vulnerable than one protected in a large server farm. If you had a fire, flood, or other physical damage that included damage to your server, what would be the result? Also, are your backups stored on–site? If a major event damaged your entire physical location, those backups would be also lost.   There is a second reason the cloud may be safer: security. All of your data, no matter where it is located, may be vulnerable to cyber attacks and data breaches. However, cloud storage providers probably offer some of the most sophisticated security projection available. It is unlikely that a small or even mid-sized firm has the internal resources and research capacity to maintain a...

   How the cloud saves smaller firms money   OK. You pay someone to store all of your data in the cloud, as opposed to keeping it on your own server and backing it up. And you pay on an ongoing basis. How is that possibly going to be cheaper than just making a one-time investment and keeping it your self?  Let’s count the ways:   (1)  You lose the hardware expense –a capital expenditure cost. (2)  If that hardware fails, you are out in the cold.  (3)  Someone has to maintain that hardware. In house IT labor is expensive.  (4)  If you need more capacity, you have to ramp up at a tiered level, which means you may need to buy capacity you don’t presently need  (5)  All of that hardware runs on software, which costs money  (6)  All of that software needs to be installed, updated, etc. (see # 3)  (7)  All of that hardware and software has to run 24/7. Are you large enough to pay for in house monitoring and support 24/7? (See again #3)  (8)  All of that data has to be protected with security...