Facebook recently announced that they had been subject to a highly sophisticated attack. Whilst facebook's internal security teams has been able to respond and contain the attack, many small business don't have the resources to do the same. Just recently I was contacted by another Manchester professionals member and when looking at the website listed in her companies profile, our security filters blocked access as the website had some sort of malware installed. Websites are a valuable part of any electronic marketing strategy and having them blocked, or hijacked by hackers represents a significant loss of investment for any business. However if you don't have the means to detect it you could be referring clients or prospects to your site and infecting them potentially damaging your own reputation in the process. As part of our forensic investigations we many numerous companies that have suffered security breaches, typically that lead to the theft of credit card data, personal data (such as mailing lists, contact details or CRM data). Many of these breaches could have been prevented through the application of sensible security practices being applied. Don't just leave the security to your IT provider and expect that they will do it "out of the box". Very recently we investigated a company whose IT provider had left very weak passwords on the remote access software which meant that almost anyone could log into their network. When queried the IT provider had never been audited by their customer, or subject to any level of review. Nothing was in the contract mandating any security levels and so everything was done to the lowest common denominator. Securing information appropriately is an expectation under the data protection act if you are looking for guidance then the international standards ISO 27001 & ISO27002 are a good starting point. If you would like to discuss how a security breach could affect you, or how to comply with security standards such as the PCI DSS or ISO27001 then please feel free to get in touch (07889 183207 - andrew.barratt@ptpconsultingllp.com).
Contact Details Mobile - 07889 183 207 Skype - andrewbarratt andrew.barratt@coalfire.com Andrew is an experienced IT and Information Security Consultant, PCI DSS advisor and QSA. As a…
Post articles and opinions on Manchester Professionals
to attract new clients and referrals. Feature in newsletters.
Join for free today and upload your articles for new contacts to read and enquire further.
