Head off hackers by knowing your weakest points
If it’s happened to your company, you know it can be frustrating, embarrassing and at the least an inconvenience to secure and reinforce your Web site or network.
If it hasn’t happened, don’t think your business is exempt just because it isn’t one of the Fortune 500. Any business connected to the Internet is a target for hackers.
Many hackers are motivated not only by profit but also by personal and ideological reasons, according to the Web Hacking Incidents Database, a project that tracks publicly reported Web application attacks and publishes an annual report on them. For some, a successful break-in is a rite of passage.
While you can’t prevent network and Web site breaches entirely, here are some steps to reduce your chances of hacker attacks and how to handle a security problem if it happens.
Weigh your risk
Imagine the type of information that hackers would find valuable and want to access. It could be client contact information or Social Security numbers. It could be passwords or intellectual property or bank accounts.
How attractive and critical is the data you need to protect? Prioritizing this will help you determine your risk versus the expense it will require to protect it.
If you store sensitive client data, for example, you are at higher risk in an attack than a business that doesn’t. Your investment to protect it may be higher.
Defend in depth. View your network security in layers. To understand this idea, think about your home: you lock the deadbolt at night and when you are away, and you might add motion detectors, a large dog, a simple alarm system or a monitored security service. No single measure stops every intruder, but each layer makes it more likely the next one will.
The simplest form of network security is the firewall. It is a basic requirement, yet many companies rely on a firewall for all of their security. A firewall has to let through the traffic your Web site exists to receive, so it does nothing against an attack carried inside that permitted traffic.
If you host your Web site on premise, also place it in a demilitarized zone (DMZ): a separate network segment, with its own firewall rules, between the Internet and your internal network.
This way, people on the Internet can reach your Web server, but the Web server cannot reach your internal data network except over the specific connections it needs, so a compromised Web server does not hand an attacker your whole network.
Prevent proactively. Keep all of your servers patched with the latest operating system updates, and do the same for the Web server, database and application software running on them. Once a new vulnerability is published, the hacker community considers it a race to exploit it before the patch is applied. Stay current with security updates, particularly the ones labeled critical.
Install and regularly update antivirus and anti-spyware software. Viruses and worms are used to open back doors into networks, and spyware delivered through e-mail attachments or malicious downloads is one of the ways they reach your computers. Pay attention to alerts about new viruses and download updates as soon as they are available.
Implement controls. All network users should log in with complex passwords, such as combinations of capital and lowercase letters, numerals and non-alphanumeric characters; length does more for strength than any single character class. As an added precaution, change passwords every 90 days, but be aware that rotation on a fixed schedule tends to produce predictable variations of the same password, and that a password should be changed immediately whenever you suspect it has been exposed. Weigh the inconvenience against the security of your data.
Watch for suspicious activity on your servers with intrusion detection software. Such a product monitors logins and other events, builds a baseline profile of normal activity and alerts you when activity departs from it, much as credit card companies compare each purchase against your history to detect fraud or identity theft.
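To make the baseline-and-alert idea concrete, here is a small added example (not software from the article or from any vendor it mentions). It learns, from a set of constructed login records modelled on OpenSSH's sshd log format, which accounts normally log in from which addresses and at which hours, then flags logins from a new address, logins at an unusual hour, logins to an account never seen before, and repeated password failures from one address. The log lines, host names and addresses are all made up for the example.

```python
"""Baseline-and-alert login monitor over constructed sshd-style log lines."""
import re
from collections import defaultdict

# Constructed sample data (not real logs): normal logins used to build the baseline.
BASELINE_LOG = """\
Mar 03 08:02:11 web1 sshd[2101]: Accepted password for alice from 10.0.1.20 port 50122 ssh2
Mar 03 09:41:05 web1 sshd[2133]: Accepted password for alice from 10.0.1.20 port 50140 ssh2
Mar 03 17:55:19 web1 sshd[2410]: Accepted password for alice from 10.0.1.20 port 50990 ssh2
Mar 03 08:15:40 web1 sshd[2140]: Accepted password for bob from 10.0.1.31 port 50200 ssh2
Mar 04 13:20:02 web1 sshd[2601]: Accepted password for bob from 10.0.1.31 port 51010 ssh2
"""

# Constructed lines to check against that baseline.
TODAY_LOG = """\
Mar 10 08:05:30 web1 sshd[3101]: Accepted password for alice from 10.0.1.20 port 52011 ssh2
Mar 10 03:14:07 web1 sshd[3050]: Accepted password for bob from 10.0.1.31 port 52001 ssh2
Mar 10 09:00:44 web1 sshd[3120]: Accepted password for alice from 203.0.113.9 port 41022 ssh2
Mar 10 11:00:01 web1 sshd[3200]: Failed password for root from 198.51.100.7 port 40001 ssh2
Mar 10 11:00:02 web1 sshd[3201]: Failed password for root from 198.51.100.7 port 40002 ssh2
Mar 10 11:00:03 web1 sshd[3202]: Failed password for root from 198.51.100.7 port 40003 ssh2
Mar 10 11:00:04 web1 sshd[3203]: Failed password for root from 198.51.100.7 port 40004 ssh2
Mar 10 11:00:05 web1 sshd[3204]: Failed password for root from 198.51.100.7 port 40005 ssh2
Mar 10 11:00:06 web1 sshd[3205]: Failed password for root from 198.51.100.7 port 40006 ssh2
Mar 10 14:30:12 web1 sshd[3300]: Accepted password for mallory from 10.0.1.50 port 53000 ssh2
"""

# Matches the sshd "Accepted/Failed password for <user> from <ip>" message shape.
LINE_RE = re.compile(
    r"^\w{3} \d{2} (?P<hh>\d{2}):\d{2}:\d{2} \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)


def parse_event(line):
    """Return {hour, ok, user, ip} for a login line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"hour": int(m["hh"]), "ok": m["result"] == "Accepted",
            "user": m["user"], "ip": m["ip"]}


def build_baseline(log_text):
    """Per user, the set of source addresses and hours seen in successful logins."""
    baseline = defaultdict(lambda: {"ips": set(), "hours": set()})
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev and ev["ok"]:
            baseline[ev["user"]]["ips"].add(ev["ip"])
            baseline[ev["user"]]["hours"].add(ev["hour"])
    return dict(baseline)


def usual_hour(hour, hours):
    """True if the hour is within one hour of any baseline hour (wrapping at midnight)."""
    return any(min(abs(hour - h), 24 - abs(hour - h)) <= 1 for h in hours)


def detect(baseline, log_text, fail_threshold=5):
    """Return (kind, user, ip) alerts for events that depart from the baseline."""
    alerts = []
    failures = defaultdict(int)  # failed attempts per source address
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        if not ev["ok"]:
            failures[ev["ip"]] += 1
            if failures[ev["ip"]] == fail_threshold:  # alert once, when the threshold is reached
                alerts.append(("password-guessing", ev["user"], ev["ip"]))
            continue
        profile = baseline.get(ev["user"])
        if profile is None:
            alerts.append(("unknown-account", ev["user"], ev["ip"]))
        elif ev["ip"] not in profile["ips"]:
            alerts.append(("new-source-ip", ev["user"], ev["ip"]))
        elif not usual_hour(ev["hour"], profile["hours"]):
            alerts.append(("unusual-hour", ev["user"], ev["ip"]))
    return alerts


if __name__ == "__main__":
    for kind, user, ip in detect(build_baseline(BASELINE_LOG), TODAY_LOG):
        print(f"ALERT {kind}: user={user} from={ip}")
```

Run against the constructed data it raises four alerts: bob's 3 a.m. login, alice's login from an outside address, five failures in a row from one address, and a login to an account the baseline has never seen. The baseline must be built from a period you believe was clean; if an intruder was already active when you recorded it, their activity becomes part of "normal" and will never be flagged.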
Training counts
Train users against mistakes. The Computer Security Institute, a national association for information security professionals, reports in its annual computer crime and security survey that average annual losses from security breaches reported by U.S. companies in 2007 more than doubled, to more than $350,000, and that a good portion of security problems originate inside the company.
The classic example is the network password handwritten on a note stuck to a cubicle wall or taped underneath a keyboard. It is helpful to the employee, but just as helpful to anyone who has access to the building.
Another unfortunate habit is leaving computers logged on after hours. To fix this, configure the operating system’s inactivity timeout so the screen locks and demands the password after a few minutes without use, or invest in software that logs users out automatically.
Train your staff never to share their passwords with anyone. Even when a legitimate IT staffer needs to fix a problem, adopt a policy that the user must be present and type in the password personally.
Prepare your response. If data is corrupted or a Web site is taken down, tested backups and a documented recovery procedure let you recover quickly. Your procedures should limit the consequences of a virus or a hacked network to lost time and productivity.
At least once a year your company should conduct a data inventory to identify where critical and sensitive data resides. If your company does experience a cyber attack, this will help identify exactly where the breach occurred and what type of data was compromised.
Be aware that in some states, if client data is compromised, your company may be legally required to notify clients or the public about the breach and explain the potential consequences. A security disaster plan and response team should be in place before a problem occurs so that your company can respond quickly and professionally in a crisis.
Test your network to find out how vulnerable your business is to attack. You can purchase penetration-testing tools to simulate an attack or hire someone to try to hack your systems; either way, put the scope and your authorization in writing before anyone starts.
Tools can cost less than $50; a professional service can run to several thousand dollars. But the resulting report pinpoints current vulnerabilities and can save you far more in embarrassment, lost time and lost productivity.