|
If your Internet provider filters incoming e-mail, please add ncxgroup.com to your list of approved senders to make sure you receive NCX Group Security Updates. |
||
|
DO YOU KNOW IF SOMEONE IS ACCESSING YOUR DATA? How many times have you read about a security breach where unauthorized access had been going on for months, or even years? It's a scary situation for the victims affected, and equally unnerving for the CEO or upper management that has this happen under their watch. They know it is ultimately their responsibility to keep personal and intellectual property safe and a breach indicates they are not on the ball. Any length of time that a breach is in process isn't acceptable, but when it goes undetected for a number of months or longer, the company is usually considered negligent . . . and that will cost them money. Take for instance InterActive Financial Marketing Group, a division of Dominion Enterprises located in Virginia. They disclosed last week that 92,095 applicants who submitted credit applications to IFMG's family of special finance Web sites had their names, addresses, birth dates, and Social Security numbers compromised. In a press release Dominion Enterprises Discloses Data Breach in Business Division it was reported that a computer server was hacked into and illegally accessed by an unknown and unauthorized third party between November 2007 and February 2008. That's three months without detection, folks! The appearance of this type of business not having active network monitoring and management systems and processes in place is very disturbing. You can be sure that the cost of this incident is potentially going to far outweigh the cost of active network monitoring and security management. Last month, Heinemann-Raintree, publishers of PreK-Secondary nonfiction books, disclosed that after 18 months they discovered an unauthorized person was able to obtain access to their database and view customers' names, billing and shipping addresses, payment methods, and credit-card numbers. Moraine Park Technical College also just informed customers who |
||
|
|
| ISSUE: August 2008 | ||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
| purchased
books and supplies at their three campus stores that a security
breach occurred in July 2006. That was a whopping two years ago.
The list goes on, and one has to wonder why security measures are
taken for granted without action of assurance by an outside security
firm. We acknowledge that most CEOs attempt to do the right thing after a breach has happened. Their responses to victims include the words “regrettable”, “unfortunate” and “sincerely apologize”, and we assume they begin to review their information security through experts so further incidents won't happen, or so they are quoted saying. We applaud those who do or have the foresight to ensure the security of their data is truly secure. With all these breaches being reported, is the public to believe that companies are extremely negligent and not interested in protection? We doubt that for the most part. But what they do reveal is that CEOs need to see the importance of confirming their company's security stature. We hope more realize that security is a life cycle discipline that requires continuous monitoring and adjustments as their business evolves. Information security testing by a third party, unbiased security firm should be an ongoing commitment by those responsible for personal identifying information. Don't put off a web application or network security review. Let NCX Group help you identify what you are doing right and where undiscovered vulnerabilities may exist. For more information about our services or for a free consultation on how our experts can help you secure your data at a price that will fit your budget, call us at 888-448-5451 or request a representative to call you. NCX Group, Inc. is a leading information risk management firm specializing in the assessment and mitigation of risk associated with today's technologies and business processes. | ||||
|
||||
|
|
|||