What are your risks?
Did you know that:
- You may have corporate and personal legal liability if information you hold in trust is compromised, or if an attacker uses your systems to cause damage to others. The Giga Information Group has a recent report which outlines possible legal liabilities for individuals and corporations not following best practices for information security.
- Federal laws, like the Health Insurance Portability and Accountability Act (HIPAA), require minimum standards of protection for personal health-related information. Noncompliance can result in civil penalties of up to $25,000 for each individual responsible for such noncompliance.
- New state laws, like California's SB 1386, require mandatory customer notification if any personal data may have been compromised by an intruder.
Over eight million credit card records were recently stolen from a credit processing agency. Top websites have been shut down by hackers, including Yahoo, Amazon, and eBay. Thieves stole 15,700 credit-card and debit-card numbers from a Western Union web site. The FBI broke up a Russian theft ring that gained illegal access to 40 banks and e-commerce sites in 10 states by exploiting a well-known Windows NT vulnerability. Over a quarter of a million web sites were taken over and defaced by the Code Red worm. Most internet thefts and break-ins are never even reported in the media, because the victims are afraid of negative publicity. The Yankee Group predicts that hacker attacks will cost businesses $1.2 billion annually.
What about the vulnerability of your website? What about the confidential corporate documents stored on your network? Security is an important piece of almost every web application delivered, and yet security is often overlooked until after a system is developed, or worse, after a significant intrusion occurs. Montebello Partners can help you identify and minimize your risks in a cost-effective way.
What you can do
- Review the SANS top 20 list of Windows and Unix security vulnerabilities, and close any which are relevant to your installation.
- Ensure that you have up-to-date virus protection installed on all your desktop systems, and email attachment screening set up on all email servers.
- Audit your security by assessing your network for vulnerabilities commonly exploited by hackers. If you don't have someone on staff who has the time and expertise to do this, get an outside expert to help you.
- Establish a comprehensive process which evaluates your threats and vulnerabilities, and maintains and ensures your security policies.
- Encourage everyone you know who has a broad-band connection from home to install a hardware or software firewall.
Improving your network security not only protects you, it also helps everyone else on the Internet, because hackers take over insecure machines, which are then used to commit fraud or theft, or turned into zombies that launch Distributed Denial-of-Service (DDoS) attacks.