August 2008

Any length of time that a breach is in process isn’t acceptable, but when it goes undetected for a number of months or longer, the company is usually considered negligent . . . and that will cost them money. Take for instance InterActive Financial Marketing Group, a division of Dominion Enterprises located in Virginia. They disclosed last week that 92,095 applicants who submitted credit applications to IFMG’s family of special finance Web sites had their names, addresses, birth dates, and Social Security numbers compromised. In a press release a Dominion Enterprises Discloses Data Breach in Business Division it was reported that a computer server was hacked into and illegally accessed by an unknown and unauthorized third party between November 2007 and February 2008. That’s three months without detection, folks! The appearance of this type of business not having active network monitoring and management systems and processes in place is very disturbing. You can be sure that the cost of this incident is potentially going to far outweigh the cost of active network monitoring and security management.

Last month, Heinemann-Raintree, publishers of PreK-Secondary nonfiction books, disclosed that after 18 months they discovered an unauthorized person was able to obtain access to their database and view customers’ names, billing and shipping addresses, payment methods, and credit-card numbers. Moraine Park Technical College also just informed customers who

We acknowledge that most CEOs attempt to do the right thing after a breach has happened. Their responses to victims include the words “regrettable”, “unfortunate” and “sincerely apologize”, and we assume they begin to review their information security through experts so further incidents won’t happen, or so they are quoted saying. We applaud those who do or have the foresight to ensure the security of their data is truly secure.

With all these breaches being reported, is the public to believe that companies are extremely negligent and not interested in protection? We doubt that for the most part. But what they do reveal is that CEOs need to see the importance of confirming their company’s security stature. We hope more realize that security is a life cycle discipline that requires continuous monitoring and adjustments as their business evolves. Information security testing by a third party, unbiased security firm should be an ongoing commitment by those responsible for personal identifying information. Don’t put off a web application or network security review. Let NCX Group help you identify what you are doing right and where undiscovered vulnerabilities may exist.

For more information about our services or for a free consultation on how our experts can help you secure your data at a price that will fit your budget, call us at 888-448-5451 or request a representative to call you.

NCX Group, Inc. is a leading information risk management firm specializing in the assessment and mitigation of risk associated with today’s technologies and business processes.