Monday, September 26, 2016

Why Is Data Security Important for Startups?


It is hard to overstate the importance of data security, especially for small firms like startups. The 2016 threat environment for hacking and breaching is quite dangerous. Bad actors overseas in places like Russia and China frequently raid companies of all sizes looking for anything they can find, from personal information they can use to commit fraud to industrial secrets and strategic plans. Hackers can target a company for anything from profit to political motivations or even just personal enjoyment. Startups need to be aware of the damage that these breaches can cause so they can prepare themselves for the worst.

There are many bad outcomes that result from a hack, breach, or leak. First of all, there is the sensitivity of the data itself. As the introduction explained, there are many different ways that data can be of value to attackers, and that usually translates into hurting the company. For example, having internal production secrets stolen might result in the emergence of a knockoff competitor product later on. The leak of employee records will probably lead to fraud perpetrated in their names. Worst of all, the loss of sensitive customer information can also lead to fraud and a massive decrease in trust. There are headlines every month about the latest company to get hacked and have consumer credit card information or identifying data stolen. This includes everything from small startups that never got going to major corporations like Target. If this happens even once, then a startup can potentially lose its entire customer base. No current client will feel comfortable staying knowing that there has been a hack, and future clients will think twice because the hack indicates a failure of security.

Moreover, obscurity is not security. Too many companies just hope to fly under the radar, expecting that no attacker will notice them. The reality is that there are so many potential attackers, and executing an attack against an unguarded target is so easy, that it is trivial for a hacker or group to target any company with an Internet presence. Once they gain entry, the attackers might simply lie dormant for months or even years, soaking up data. They could use their presence in one company as a springboard to hack others, either through collecting information that leads them to a specific target or by making use of the infected computers' resources to boost their efforts. Hackers target small, new companies constantly because they know these small companies are less likely to be able to make a significant investment in security. That leaves them vulnerable, and even the smallest startup can hold valuable data. Combine that idea with the fact that hacking is cheap and easy, and it is no surprise that no company is safe. Just because you haven't made a splash is not a reason to expect hackers to leave you alone. In fact, if you have a website and online assets, it's well within the realm of possibility that someone has attempted unauthorized access to your assets.

Knowing that, you have to decide on a response. For one thing, to a certain extent you must develop a plan of action that responds to an existing hack. That means treating hacks as an inevitable occurrence that will happen some day, like a storm or earthquake, and planning accordingly. Settle on what you will say to win back the trust of your clients, how you will move forward under different circumstances, and how to manage the entire PR element of the event. Too many companies wind up trying to wing it because they never planned for what would happen in the event of a successful hack. Be proactive and prepare. As for real security, you can try making use of the cloud or an online data room, but you are best off with a powerful security consultant. They can do the heavy lifting and guide you to best practices, especially if you are too small to have your own dedicated IT department. Remember, hacks happen to everyone. It's up to you to choose how you will control the hack's fallout and minimize the damage. Expect the best and prepare for the worst.

Saturday, September 3, 2016

Back to School Cyber Security Tips

Kids all around the country are getting ready to go back to school. Here's an article I contributed for Tripwire that offers some tips on how to keep them safe online in the process:

http://www.tripwire.com/state-of-security/security-awareness/back-to-school-tips-on-how-your-children-can-stay-safe-online/

Wednesday, July 13, 2016

Top New Amazon AWS Cloud Security Features

Enterprises are moving to the cloud, and with that we have to secure it. Amazon, being the largest cloud provider in the world, has taken notice that if they don't secure their cloud offering, customers will continue to be scared of the cloud. This has been Amazon's approach from the beginning, and they've continually added security services to their cloud offering in order to protect your data and draw you into the cloud.

Here's an article I wrote for Search Security on some of Amazon's new security services: http://searchcloudsecurity.techtarget.com/tip/Top-AWS-security-features-organizations-need-to-know-about

Tuesday, June 28, 2016

Friday, June 10, 2016

Deception in Depth Conference

Here's the link for this month's "Long Island Security Group" meetup. The topic this month will be "deception technology".

We'll be having all the big names in the deception field presenting on their technology and explaining why deception techniques are needed for security professionals protecting their networks today. Hackers don't play fair; neither should you. Hope to see you there! http://www.meetup.com/Long-Island-Security-Group/events/231725055/



Wednesday, June 8, 2016

Random Raymond Reddington Quote


Cloud WAFs Can Improve Application Security

Here's an article I wrote for TechTarget's "SearchCloudSecurity" edition regarding the benefits of utilizing a cloud WAF within your organization. There are numerous benefits to implementing a WAF in the cloud, which I go into in more detail at the link below. Here are my thoughts on the technology and why it's a good idea to have this service pushed to the cloud.

http://searchcloudsecurity.techtarget.com/tip/How-cloud-WAF-implementations-can-improve-application-security