If your Internet provider filters incoming e-mail, please add ncxgroup.com to your list of approved senders to make sure you receive NCX Group Security Updates.
JUSTIFYING DATA SECURITY IN TOUGH TIMES
As businesses reign in spending during this bad economy, many are cutting back on data security projects. But it is now that companies need to keep their guard up.
Budget cutbacks on information risk projects puts companies, no matter what industry they are in, at a higher risk to fraud and intrusions. A bad economy brings a rise in crime. This is not new, but what escalates this statement from past down economies is now we have the increased digitization and sophistication of network intrusions along with the desperation and willingness of inside employees to challenge the security controls of sensitive data. Companies now must deal with outside and inside security threats like at no other time in history. So to sacrifice the budget being allocated to continuing the prevention of breaches is a very risky move and could cost you more in the long run.
For instance, if you eliminate 24×7 intrusion monitoring to save costs, you will be transitioning from a preventative mode to a reactive mode. This increases the burden of inside IT personnel. If you have also decreased your staff, this can leave you wide open to vulnerabilities. Know what risk these decisions pose and be prepared to react if an incident should occur.
NCX Group believes information security doesn’t have to be expensive. But you can’t fix what you don’t know. At minimum, an NCX network penetration test can let you know what networks are open or exposed, if your access points are misconfigured or broken, if updates to software affecting security are patched and current, and if your network policies, processes and controls are tight. This can be invaluable information as we go through these times.
Your due diligence needs to also focus on keeping your guard up within your internal processes and controls. The financial pressure of this recession is pushing many employees to fraud, theft or mischief. We only hear about the bigger breaches in the major security news outlets, and not so much the instances where an employee might steal the identity of only a few or wreak havoc through sabotage. But these breaches still cost companies and institutions tens of thousands of dollars, if not more.
rFor instance, a former bank credit card department manager of Eastern Virginia Bankshares was identified and sentenced for bank fraud and identify theft totaling $65,000. He used a stolen access device and identifying information to withdraw money from someone else’s account. After the credit card account was closed, he reopened it under a new name and address and continued to tap the account for cash and purchases.
In another breach, a former IT director accessed the computer network of LifeGift Organ Donation Center in Houston after he was fired. Although previous administrative rights and access were revoked, the employee was able to repeatedly gain unauthorized access to the LifeGift network through a remote connection and deleted database files and software applications and backups relating to LifeGift’s organ and tissue recovery operations. The financial loss due to this intrusion was more than $94,000.
In an incident that escaped national headlines, a rogue IT computer engineer from Fannie Mae mortgage discovered he was about to be let go and planted a computer time bomb that was set to erase all the financial data and backups from the company’s systems. His credentials were not yet revoked when he appended malicious code to a legitimate script that would have replaced the data with zeros. Fortunately, the malicious script was discovered by a senior technician a few days after the engineer was fired. This incident would have caused millions of dollars in damage.
Know who has access to what data when letting go employees and terminate their accounts and all access before they have the opportunity to do damage. Be aware of what data is being accessed, if at all possible.
We know data security is an ongoing effort and takes many forms. Let NCX guide you in protecting your organization against inside and outside threats. Our security professionals are highly credentialed and our services are very competitive. We welcome your call for a quote on your specific needs.
For more information about our services or for a free consultation on how our experts can help you secure your data at a price that will fit your budget, call us at 888-448-5451 or request a representative to call you.
NCX Group, Inc. is a leading information risk management firm specializing in the assessment and mitigation of risk associated with today’s technologies and business processes.
NCX Group, Inc.
5000 Birch Street, West Tower, Suite 3000
Newport Beach, CA 92660
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.