Are Hackers Costing You Money?
Findings from “The First Annual Cost of Cyber Crime Study” were published this week on InfoWorld. The article explains that the study assessed 45 U.S. organizations, and found that cyber crime (web attacks, malicious code, viruses, etc) costs each organization $3.8 million per year, on average.
An average loss of $3.8 million, per organization!
Although these numbers don’t even seem plausible, the mean loss per organization was averaged from a low of $1 million to a high of $52 million. These dollar amounts represent the cost of coping with a cyber attack, not the costs of preventative care.
The Findings
According to the study, the types of cyber crime reported included:
- Stealing Intellectual Property
- Confiscating Online Bank Accounts
- Distributing Viruses/Malware
- Leaking Confidential Business Information
So What Can I Do?
Don’t just assume a firewall and an enterprise level anti-virus system is the solution. Although highly recommended, they are only PART of the safeguards your organization’s IT Services needs to have in place to reduce the susceptibility to cyber attacks.
Your organization SHOULD have a Privacy Policy that dictates how to handle intellectual property as well as how to safeguard confidential information from being leaked.
Your organization can also hire a technician to perform services such as:
- Security Audit - installs an application on the network that is designed to identify, classify, secure, monitor and report on sensitive data.
You need to make sure all Information Technology areas in your company are safeguarded to reduce your vulnerability to cyber attacks which will save your organization a lot of money, time, and aggravation.
Search Privacy
On May 13th, Google announced that it will offer a web-encrypted search feature to increase privacy for end-users. We've asked our computer security expert, Ben Howard, to explain how Google is able to make search more secure with its new web-encrypted search option.
Ben says that Google allows the use of SSL (Secure Socket Layer) to connect a user's browser to their search engine. The new site, https://www.google.com(very important to add the "www." as https://google.com will simply redirect you to the non-SSL search engine), features SSL to help secure your search requests. SSL establishes an encrypted session with your browser by automatically exchanging keys that enable encryption. This "session" is, in effect, a virtual tunnel between your internet browser and the Google's website. By encrypting the session, or virtual tunnel, it becomes very difficult for someone other than you or Google to read the data transmitted between you and Google.
Ben explains that what this means is that only you and Google will know the contents and results of your searches. He says that this may sound benign, but the end result is your searches are now private.
Besides improved search security, Google's offering may have other implications. According to Ben, enabling SSL to encrypt search queries is certain to bear some consequences in the ongoing debate over free-speech between Google and China. The debate has the potential to spill over into the U.S. workforce as companies grapple with their own concerns of employee free-speech versus a company's right to enforce work and ethics policies.
Ben Howard is a Senior IT Associate at NSK Inc. with MCSE, Security+, CCNA Security, and NSA 4011 certifications.
Protecting Your "Social" Security
Your organization's cloud (whether it is private, public, or hybrid) is safeguarded by intruders through the use of firewalls, VPNs, SSL encryptions, and other security measures. However, what does a company do if proprietary information is used or misconstrued - that is information that was voluntarily released onto the world-wide-web? I'm talking about social media, where the world is a conversation.
In this day and age when everyone and their grandmother (literally) are hopping on the social media bandwagon, privacy regarding personal data on these websites is becoming an increasing issue. With super-platforms such as YouTube, Facebook, and Twitter, everyone is buzzing - but forgetting that what they are talking about not only is broadcast globally, but if in the wrong hands, can be dangerous.
Recently, Facebook has come under fire due to an application vulnerability that would allow hackers to link users to malicious websites. A recent article from PC World noted that the flaw could make users private data public domain. Then again, how strict can privacy settings be for information that users are willingly posting to the web?
The solution - make sure your organization has a social media policy in effect. It doesn't have to be anything fancy (i.e. written by an attorney, notarized, and framed in the office). Rather just a few bullet points added to the employee manual or posted to the organization's wiki or work server.
Some common areas employees should be notified of are:
- Tweeting about projects not yet publically announced.
- If the company hasn't officially announced it, don't talk about it.
- Complaining about a co-worker or boss in your Facebook status.
- Not only is it disrespectful (save it for when you are home and want to vent to a significant other), but it is bad PR for your organization if employees are updating their news feeds with slander.
Another safeguard employees can use is to check their privacy settings on their personal Facebook pages to make sure they aren't letting their personal information outside of their own networks.
Here is another great article from PC World that instructs users on how to scan their own Facebook profiles for vulnerabilities.
Employees are allowed to have social lives, they just have to make sure their personal and professional Tweets/Posts/Blogs are thought out before they are released into the cloud that is the internet.