When It Comes to Security, Know Thyself

“If you don’t understand the risks, you don’t understand the costs,” security guru Bruce Schneier advised during a TED talk.

He was discussing security in the abstract — but it got me thinking about IT security in particular and the difficulty many executives face trying to determine if their organizations are safe from cyberattack.

The problem is that these conversations nearly always turn technical. Soon, a flurry of technology acronyms — confounding but apparently reassuring — begin flying around the room.

And, reports Schneier, it works. People, he says, will “respond to the feeling of security and not the reality.”

So what can a CEO do to understand the reality of security risk and grasp what a security failure might actually cost the organization?

It’s Easy to Avoid Data Room Disaster

I heard a story recently about the theft of servers from a data room.

The company had locks on all outside doors, but had neglected to install a lock on the server room door.

The thieves would probably have broken that lock, too. Yet the story reminds me how often data rooms get overlooked. The chief reason? Budget … more specifically, lack of budget.

Think it can’t happen to you? Think again

Two kinds of security threats have emerged of late that need special attention, even if you’re running a small enterprise: Targeted zero-day attacks and advanced persistent threats.

Targeted zero-day attacks
Microsoft’s recent Internet Explorer security flaw (see my last blog post) is a fine example of a zero-day attack. The attackers got their edge from speed, since reactive countermeasures that depend on threat signatures — such as patching and tools like antivirus software and intrusion prevention — couldn’t be updated fast enough to stop the flaw from being exploited.

Data backup/recovery best practice #10

This last of my backup/recovery best practices is far from the least of them:

#10 Conduct regular testing and reviews of your data recovery capabilities

Backups can be corrupted (especially if they’re tape-based), and too often backups are performed incorrectly. Key files, directories, or components may have been excluded, especially if systems have been added to or removed from your infrastructure.

Being thankful for backups

Thanksgiving is a time for giving thanks, eating turkey, and enjoying the fellowship of family and friends. And no one wants the holiday ruined by a call like this…

“All our customer files have evaporated. As have everyone’s email messages, all pending customer orders, and the accounts receivables database.”

Would you be able to reconstruct that data from scratch? Or, worse, try to move on without it?

Infrastructure security and coping with cloud and social media: 9 key questions to ask

Our chief technical officer, Mike Dillon, estimates that the number of infected sites is growing by 20% to 25% a year. “If your company is shifting more toward cloud services and hasn’t addressed security, you will be attacked,” he says.

So here are the (non-technical) questions you need to ask and get answered to protect your business: