Keeping Data Secure Is Tougher than Ever
New ways of collecting and analyzing data are creating new opportunities for companies to gain an edge over their competitors and grow their profits. But while data has the potential to create profits, it also has the potential to take them away. If hackers get their hands on your company’s data, they can wreak havoc on customer relationships and cause tremendous damage to your brand and reputation.
Security Threats are Proliferating Fast
One thing I’ve learned during my tenure as editor of eSecurity Planet is that security threats are proliferating so fast, it’s tough for even the experts to keep up with them. The most disconcerting thing about high-profile breaches like those at Target and Neiman-Marcus is how long it can take to discover them and how difficult it can be to pinpoint specific methods used by attackers. Hackers themselves have trouble keeping up, as evidenced by a hapless group of attackers who boasted of breaching a British bank website only to discover they had actually attacked a phishing site.
Does that sound scary? It is.
Here is something that may make you feel a little better. (Or it might make you feel worse, depending on your security posture.) Because there is so much low-hanging fruit, hackers tend to focus their efforts on obviously insecure trees.
My goal as editor of eSecurity Planet is to offer advice that companies can use to eliminate the kinds of security gaps that hackers love to exploit. Recently, for example, we published a piece that contained six tips for fighting SQL injection, an attack technique that experts believe is involved in the overwhelming majority of data breaches.
Security Tips: Control Weak Passwords and Train Employees
Weak passwords are another well-known security risk. Yet many users opt for convenience over strength when selecting their passwords. Luckily, there are a number of tools that can help security professionals enforce password policies – a number of which we included in this recent article.
Training employees on security is an obvious best practice, but it’s one that a surprisingly high percentage of companies ignore. It’s especially important given the large number of employees who admit to practices such as not using passwords on mobile devices used for work. Given this, we collected some suggestions for offering security training that actually works. Targeting training to specific groups of users rather than giving the same presentation to everyone was just one of the good ideas in this piece.
Traditional Network Security is not Adequate
Of course, low-tech practices like employee training only go so far in solving your security challenges. As threats have become more sophisticated, so has the hardware and software designed to help companies detect and mitigate those threats. Because experts agree that traditional perimeter-based approaches to network security are no longer adequate to protect today’s mobile workforces, we produced a deep-dive on next generation firewalls, complete with case studies and a handy product comparison matrix.
We also strive to offer coverage that goes beyond the angles that you can readily find elsewhere. Just about every publication spotlighted the XP-related security risks for PCs still running Microsoft’s aging operating system. But eSecurity Planet’s Sean Michael Kerner took a look at the world’s ATMs, the majority of which run XP, to find out if banks – and their customers – should be worried about XP’s end of life.
I am nothing if not a realist, so eSecurity Planet even offers coverage that can help you respond effectively to a data breach and minimize your losses if one does occur. If you worry about securing your company’s data – and who doesn’t, these days? – check out eSecurity Planet.
Ann All is the editor of Enterprise Apps Today and eSecurity Planet. She has covered business and technology for more than a decade, writing about everything from business intelligence to virtualization.
This article was originally published on April 17, 2014