Thursday, February 03, 2011

Current Trends

We hope that you have found this blog to be useful. New postings and updates can now be found on Altius IT's Information Security and Network Security Blog.

Thank you for visiting,
Jim


Monday, November 09, 2009

Information Security Tip #3: Procedures

Policies and procedures help you meet your obligation to your customers, affiliates, and employees. Protect your electronic information with these simple steps:
  • Physical security. Network defenses can be critical, but when it comes to protecting personal information, don’t forget physical security. Ensure access to network servers is restricted to authorized personnel.
  • Encryption. Use encryption to protect sensitive data such as credit card numbers, social security numbers, driver’s license numbers, etc.
  • Viruses. Viruses, spyware, and other malware can compromise your systems and your data. Ensure your anti-virus and anti-spyware software is updated on a regular basis.
  • Passwords. Most organizations use an ID and password to grant access to your data. Ensure your passwords are long and complex and changed on a regular basis.
  • Education. Remind your employees that electronic security is everybody’s business. Hackers certainly pose a threat, but sometimes the biggest risk to a company’s security is an employee who hasn’t learned the basics.
  • Access. Provide access to sensitive information only on a “need to know” basis. Have a procedure in place for making sure that workers who leave your employ or move to another part of the business no longer have access to off-limits information.
  • Detection. Intrusion detection systems can alert you to breaches in your network security. IT should monitor incoming and outgoing traffic for higher-than-average use at unusual times of the day.
  • Patching. Check expert resources like www.sans.org and your software vendors’ websites for alerts about the latest vulnerabilities and vendor-approved patches.
  • Providers. Verify the security practices of your contractors and service providers. Before outsourcing business functions, ensure agreements define security requirements.
  • Documentation. Organization policies give direction and guidance but generally lack sufficient details to describe how things should be done. By documenting your detailed procedures, your organization can ensure consistent and sustainable protection of your information assets.
Not all risks are created equal and risk assessments help firms reduce their costs while increasing protection of their “information assets”.
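
The Detection step above, as an added example (not Altius IT's code): a per-hour-of-day baseline built from past traffic, used to flag hours whose volume is far above normal and to mark those that fall outside business hours. The record format, the 08:00-18:59 business window, the three-standard-deviation threshold and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

BUSINESS_HOURS = range(8, 19)  # assumption: 08:00-18:59 local time is normal working time

def hourly_totals(records):
    """Sum bytes per (date, hour) from (iso_timestamp, byte_count) records."""
    totals = defaultdict(int)
    for ts, nbytes in records:
        t = datetime.fromisoformat(ts)
        totals[(t.date(), t.hour)] += nbytes
    return totals

def build_baseline(history):
    """Per hour-of-day mean and standard deviation over the historical days."""
    by_hour = defaultdict(list)
    for (_, hour), total in hourly_totals(history).items():
        by_hour[hour].append(total)
    return {h: (mean(v), pstdev(v)) for h, v in by_hour.items()}

def flag_unusual(baseline, observed, k=3.0, floor=1_000_000):
    """Return (date, hour, bytes, off_hours) for hours far above their own baseline."""
    alerts = []
    for (day, hour), total in sorted(hourly_totals(observed).items()):
        avg, sd = baseline.get(hour, (0.0, 0.0))  # an hour never seen before has a zero baseline
        threshold = max(avg + k * sd, floor)  # floor suppresses noise on near-idle hours
        if total > threshold:
            alerts.append((day.isoformat(), hour, total, hour not in BUSINESS_HOURS))
    return alerts

def sample_data():
    """Constructed data: five ordinary days of history, then one day with a 02:00 spike."""
    history = []
    for d in range(1, 6):
        for hour in range(24):
            base = 400_000_000 if hour in BUSINESS_HOURS else 5_000_000
            history.append((f"2009-11-0{d}T{hour:02d}:15:00", base + d * 1_000_000))
    observed = [(f"2009-11-06T{hour:02d}:15:00",
                 403_000_000 if hour in BUSINESS_HOURS else 8_000_000) for hour in range(24)]
    observed.append(("2009-11-06T02:40:00", 900_000_000))  # constructed large transfer at night
    return history, observed

if __name__ == "__main__":
    hist, obs = sample_data()
    for alert in flag_unusual(build_baseline(hist), obs):
        print(alert)
```

Comparing each hour against its own history, rather than against a single daily average, is what lets a night-time transfer stand out even when it is smaller than a normal daytime peak.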


Thursday, September 10, 2009

Information Security Tip #5: Incident Response

Incident Response. Taking steps to protect personal information in your files and on your network can go a long way toward preventing a security breach. Nevertheless, breaches can happen. That’s why Altius IT recommends that organizations have a plan in place to respond to security incidents. Altius IT's tips on customizing your company’s security response plan include:

  • Team. Senior management sets the tone for an organization’s commitment to data security. Designate a well-respected senior official to head up your response team.
  • Plan. Once you’ve put together your response team, have them draft plans for how your business will respond to different types of security incidents. Sample scenarios may include a lost laptop, servers hacked, internal theft of data, etc.
  • Timely. If your staff suspects a breach, investigate it immediately. Waiting days to convene a committee can waste precious time.
  • Disconnect. If you suspect a computer breach, immediately sever the compromised computer’s access to the Internet and to your network. To assess the impact, ask your IT staff to preserve any available network logs, file transfer logs, system logs, and access reports. Also investigate if intruders opened files or placed new programs on your computer.
  • Contact. Consider whom to inform in the event of an incident, both inside and outside your company. You may need to notify consumers, law enforcement agencies, customers, credit bureaus, and other businesses that may be affected by the breach. In addition, about 40 states have laws addressing data breaches. Have that information on file before you need it.
Security assessments help organizations identify, manage, and reduce their risks.
