Heads up — the article lists very good points. Is your company allowing BYOD and do you have policies and security in place?
Excerpt: Allowing employees to bring their own devices to work is causing new challenges, including what happens when a device needs to be wiped or employees want to sell their smartphone or tablet.
Mobile security and BYOD (bring your own device) are main themes at the European edition of RSA’s security conference, which takes place this week in London.
Read full article via Legal and technical BYOD pitfalls highlighted at RSA security conference | CFOworld.
Advice for all small businesses that are now challenged with security and BYOD issues. Good read.
Excerpt: The report goes on to detail five primary recommendations to manage today’s enterprise mobile risks and set up a platform for growth.
Read full article via Consumer Devices are Here. Is Your Enterprise Security Ready? – Information Management Online Article.
A new model for handling increasingly important security risks. Risk management is not a small task, and this model may help you meet the challenge.
Excerpt: In this webinar, Westerman discusses how an organization can identify its most pressing risks, eliminate silos in managing risks, and use the new model to create and leverage competitive advantage.
Check out video here via A New Model for Minimizing Cyber and IT Risk – Jason Sylva – HBR Events – Harvard Business Review.
If you are responsible for your WordPress site, blogging or company, here are 10 basic steps to ensure some necessary security.
Excerpt: With that in mind, there are some steps that arguably every WordPress user should take to secure their site(s).
Read full article via The 10 Things You Need to Know to Secure Your WordPress Site – ManageWP.
More on security and privacy — internal policy and regulatory compliance. This article presents more of the why, as well as the status and possibilities.
Excerpt: I agree. But using a fortress-like Simplified Single Signon (SSO) with a non-password strong authentication method to access it (such as a hardware token or a proximity device) could go a long way towards mitigating the risk of data breaches. Yes, it will be an expense both in terms of hardware/software purchases as well as setup time and user education. But the immediate payoff is protection of the organization’s reputation while the long term benefit is keeping the organization solvent and its officers out of jail.
Solvency? Jail time? Businesses breaching European Union privacy rules will soon face fines of up to 5 per cent of their global turnover, which could extend to billions of euros for large multinationals. Expect that other western democracies in North America and the Asia-Pacific region will soon follow suit. From there, it’s a small step to criminalizing the behavior of corporate officers who ignore the potential for data breaches. Already (as in the recent Facebook breach) we’re seeing class-action civil lawsuits in the US against the company alleging they failed to protect the interests of their users.
Read full article via User views on Privilege Management | Dave Kearns.
I think everyone needs to look at compliance with internal policy as well as compliance with FTC and OCR. These are big tasks not to be taken too lightly.
Excerpt: A big takeaway for me were the similarities of the Federal Trade Commission’s investigations and the Office of Civil Rights Privacy post-breach investigations. Both agencies’ investigations are evaluating organizational policies and procedures, determining if they are current and if they are being followed consistently. The number of investigations completed by the FTC is much greater than OCR. I found this interesting because we are now beginning to see the Office of Civil Rights ramp up their investigation program and levy fines against organizations that are found out of compliance. If the OCR follows the FTC’s lead related to privacy breaches it is about to get more expensive to be a healthcare organization, unless your business is compliant with HIPAA and HITECH regulations prior to a data breach.
Read full article via Cyber Risk & Privacy Liability Forum | ID Experts.
Good security advice. Download their guide on how to prepare.
Excerpt: Cyber security is not only a technical issue, but a core business imperative. Faced with attackers who move quickly and unpredictably, organisations also need to be able to act and respond quickly and flexibly. Being prepared for a cyber attack is not just about having a good IT policy but good governance across the business. When attacked, businesses need to be able to rely on well thought through plans and respond assertively.
For further information, including a step by step guide for businesses on how to prepare themselves for cyber attacks, please see PwC’s The Cyber-Savvy CEO.
Read introduction and download guide via PricewaterhouseCoopers Media Centre – PwC: Don’t think “if”, think “when” on cyber attacks. From PwC
Small business security heads-up: you are being targeted by scams that, unless you are vigilant, will sneak past your defenses.
Excerpt: Believing the e-mail to be legitimate, they clicked on the accompanying link, which downloaded viruses on two of the business’ computers. Luckily, they had the malware infections removed before any important information was leaked.
Read full article via 6 Scams That Target Small Businesses : Lifestyle :: American Express OPEN Forum.
Small business can use these tools that they probably already have to improve their security in today’s world of information technology freedoms.
Excerpt: So how do you balance keeping your employees happy with maintaining control of your company’s assets?
Read full article via How to Keep Your Employees Happy With Their Company PCs (Without Losing Control of Your IT) | PCWorld Business Center.
Small business need-to-know on risk management and security: two video offerings, both with solid information for your use.
Excerpt: Introducing The Front Line of Fraud & Corruption, PwC’s continuing video series on the current state of fraud and corruption. Unlike any other business resource, PwC’s The Front Line gives business leaders an exclusive look into the immediate and constantly changing business threat landscape. From whistle blowing, to shifting emerging market dynamics, to cutting edge prevention techniques, and other key topics, PwC’s investigative leaders help you and your organization stay tuned-in to the latest fraud and corruption trends, strategies and behaviors.
See 2 videos here via New PwC series captures current state of fraud & corruption in a constantly changing threat landscape: PwC.
Has your business adopted a BYOD policy yet? Do you have the best risk-prevention policies in place? Read the how-to and need-to-know from others who have adopted BYOD and enjoy the cost benefits this provides.
Excerpt: In a recent survey, 74% of IT workers responded that BYOD is allowed in their workplace. Another survey found that 67% of North American iPad owners are using the devices in office, and IBM claims 80,000 BYOD users in its fold. This is why CIOs and CTOs must be leaders in this movement, not barriers.
Being a leader means being prepared. IT has a great opportunity to help their business partners realize the productivity and cost benefits of BYOD while mitigating the new risks, most notably around security. Here are five steps that IT leaders can take to prepare for a positive BYOD transformation.
Read full article via Why IT Departments Should Let Employees Use Their Own Devices. From Mashable
Great reminder and good read: internal controls are VERY important. Just because you are a small business doesn’t mean you can ignore them. Statistics show a bigger percentage of fraud is the result of someone whom you believe you can trust.
Excerpt: Smart Business spoke with industry expert Ernie Rossi on the prevention and detection of internal fraud. For almost 20 years, Rossi has educated clients on maintaining effective internal controls. As an audit partner at Sensiba San Filippo LLP, Rossi teaches clients best practices for establishing internal controls and keeping them in step with the times.
Read full article via How to reduce the risk of fraud by keeping internal controls current | Smart Business.
Using the cloud or planning to do so? Read this and put the necessary security in place.
Excerpt: Using the cloud to store business data can be a smart decision for a company of any size. PCWorld explained cloud computing can often quell backup worries should a computer disaster occur – if a business is physically destroyed by unpredictable environmental factors but the company data is stored on the cloud, as opposed to on-site servers, information would not be lost. The source also cited ease of communication, ability to remotely access information and cost-effectiveness as benefits of the cloud.
Still, some industry veterans are wary of the technology and worry that company data may not be as safe in the cloud as it is on in-house servers. Most dangers involved in cloud transfer can be remedied, however, in a few easy steps.
Read full article via Five Ways to Protect Company Data on the Cloud | Proformative.
Small business owners, if you use a Mac, this is a very important security heads-up.
Excerpt: The nightmare scenario for Mac owners is here. At least 600,000 Macs worldwide have been infected, silently, by the Flashback Trojan, with no user interaction required. Here’s why this is just the beginning of a long-term problem.
Read full article via New Mac malware epidemic exploits weaknesses in Apple ecosystem | ZDNet.
Important takeaways for small business: you are definitely not immune to security issues. Cybercrime is a huge risk to manage before it happens.
Excerpt: Fortunately, there’s a way out of the catch-22. In “Risk intelligent governance in the age of cyber threats”, we describe how a maturity-based view of four specific “leading practices” in cybersecurity can give boards valuable insights on a company’s cyber risk management strengths and weaknesses – even at companies that are still ramping up their capabilities in the area. A basic awareness of key elements in an effective cyber defense can not only help boards understand their company’s maturity in managing cyber threat risk, but point towards next steps that can help move the company toward a more proactive, preemptive, and mature approach.
Read introduction and download paper here via Deloitte | Cyber Threats | Risk Intelligent Governance in the Age of Cyber Threats | Governance and Risk Management.