TriCom Technical Services

Here We Go Again…

In Apple, breach, data, employers, I.T. crisis plan, information, PlayStation on May 7, 2012 at 2:27 pm

Didn’t we learn our lesson during Sony PlayStation’s data breach in April 2011?

Or even just months ago when all major credit card brands suffered a massive data breach?

Now Apple joins an elite group of companies that seem to have overlooked a huge data security issue. In an apparent accident, a programmer’s oversight left exposed the login passwords of every user who has logged in since the OS X Lion 10.7.3 update was applied.

According to ZDNet, “Anyone who used FileVault encryption on their Mac prior to Lion, upgraded to Lion, but kept the folders encrypted using the legacy version of FileVault is vulnerable.”

This begs the question – Are we all too willing to turn over our personal information, credit card numbers, username/passwords, etc. in such a trusting manner to corporations who obviously cannot fully secure our private data?

Are companies not double or triple-checking their work, being sure to dot all i’s and cross all t’s?

Want to prevent a data breach? Follow these 6 steps:

  1. Stop incursion by targeted attacks
    The top four means of hacker incursion into a company’s network are through exploiting system vulnerabilities, default password violations, SQL injections, and targeted malware attacks. To prevent incursions, it is necessary to shut down each of these avenues into the organization’s information assets. Core systems protection, IT compliance controls assessment automation, and endpoint management, in addition to endpoint, Web, and messaging security solutions, should be combined to stop targeted attacks.
  2. Identify threats by correlating real-time alerts with global intelligence
    To help identify and respond to the threat of a targeted attack, security information and event management systems can flag suspicious network activity for investigation. The value of such real-time alerts is much greater when the information they provide can be correlated in real time with current research and analysis of the worldwide threat environment.
  3. Proactively protect information
    In today’s connected world, it is no longer enough to defend the perimeter. Now you must accurately identify and proactively protect your most sensitive information wherever it is stored, sent, or used. By enforcing unified data protection policies across servers, networks, and endpoints throughout the enterprise, you can progressively reduce the risk of a data breach.
  4. Automate security through IT compliance controls
    To prevent a data breach caused by a hacker or a well-meaning or malicious insider, organizations must start by developing and enforcing IT policies across their networks and data protection systems. By assessing the effectiveness of the procedural and technical controls in place and automating regular checks on technical controls such as password settings, server and firewall configurations, and patch management, organizations can reduce the risk of exposing sensitive information.
  5. Prevent data exfiltration
    In the event a hacker incursion is successful, it is still possible to prevent a data breach by using network software to detect and block the exfiltration of confidential data. Well-meaning insider breaches that are caused by broken business processes can likewise be identified and stopped. Data loss prevention and security event management solutions can combine to prevent data breaches during the outbound transmission phase.
  6. Integrate prevention and response strategies into security operations
    In order to prevent data breaches, it is essential to have a breach prevention and response plan that is integrated into the day-to-day operations of the security team. The use of technology to monitor and protect information should enable the security team to continuously improve their strategy and progressively reduce risk, based on a constantly expanding knowledge of threats and vulnerabilities.