Feature: Building Business

Failure to Guard Against Info Breach Leads to Firm's Bankruptcy

Author: Michael Peters
Published: March 28, 2012 at 2:10 pm

Breach Leads to Firm's Bankruptcy … was the description of a Wall Street Journal article I read recently. What caught my eye about this security breach is that it originated with a physical break-in at the business premises, resulting in the electronic exposure of roughly 14,000 personal records containing clients' addresses and Social Security numbers.

Now understand: this was not a super-slick hacking crime at all. This was an unsophisticated physical intrusion that led to the bankruptcy of a company. The reality is that with just a few simple and relatively inexpensive countermeasures, this would not have been a business catastrophe.

First, encrypting the data at rest would have prevented the exposure of those 14,000 customer records, provided the keys were not stored alongside the data on the same stolen equipment. Solutions range from the expensive to the free, so this is not a matter of the technology being too costly or exotic. This is cheap, fundamental protection that has been available for a long time.
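To make the point concrete, here is an added example (my own illustration, not code from the article or from any product mentioned in it) of what "encryption at rest" buys against a physical theft. It seals a constructed, fictitious client file with AES-256-GCM using only Go's standard library, then asks the thief's question: does the stolen file reveal a Social Security number on its own? The key is generated in memory and is assumed to live in a key manager or hardware-backed store rather than on the stolen disk; the record contents, SSN values and function names are all hypothetical.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Constructed sample records standing in for the client file in the article.
// Hypothetical data: these are not real people or real SSNs.
var sampleRecords = []byte(
	"id,name,address,ssn\n" +
		"1001,Jane Doe,12 Elm St,000-00-0001\n" +
		"1002,John Roe,34 Oak Ave,000-00-0002\n")

// NewKey returns a fresh 256-bit AES key. In a real deployment this key lives
// in a key manager, HSM or TPM-sealed store, never on the disk holding the
// ciphertext; otherwise a thief who takes the machine takes the key with it.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// EncryptRecords seals plaintext with AES-256-GCM.
// Output layout: nonce || ciphertext || authentication tag.
func EncryptRecords(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// DecryptRecords reverses EncryptRecords. The GCM tag check rejects both a
// wrong key and a ciphertext that has been modified.
func DecryptRecords(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// Leaks reports whether any of the given sensitive values appear verbatim in
// data. This is the thief's-eye check: what does the stolen file reveal alone?
func Leaks(data []byte, secrets ...string) bool {
	for _, s := range secrets {
		if bytes.Contains(data, []byte(s)) {
			return true
		}
	}
	return false
}

func main() {
	key, _ := NewKey()
	sealed, _ := EncryptRecords(key, sampleRecords)
	fmt.Println("plaintext file leaks SSN:", Leaks(sampleRecords, "000-00-0001"))
	fmt.Println("encrypted file leaks SSN:", Leaks(sealed, "000-00-0001"))

	wrongKey, _ := NewKey()
	if _, err := DecryptRecords(wrongKey, sealed); err != nil {
		fmt.Println("decrypt with wrong key rejected:", err)
	}
	plain, err := DecryptRecords(key, sealed)
	fmt.Println("decrypt with right key round-trips:", err == nil && bytes.Equal(plain, sampleRecords))
}
```

The design choice worth noticing is the separation of key from data: the stolen ciphertext is useless precisely because the key is not on the same media, which is why the key-storage question matters more than the choice of cipher. GCM's authentication tag is a bonus for this scenario: a tampered or wrong-key file fails closed instead of decrypting to garbage that downstream code might trust.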

Second, access controls and monitoring for both the physical and the electronic space are, again, commonly available at every budget. The police have not caught the criminals, and a simple web camera might have been all that was needed to solve the crime.

The bottom line is this: security does not have to be complicated. It only takes a commitment to being more secure. By taking three well-defined, pragmatic steps, something I'll refer to as the Security Trifecta, we raise the bar and succeed: governance documentation, technological enforcement and vigilant teamwork working together to promote security.

The Security Trifecta in brief:

  • Governance Documentation: The foundation for what we do is the written word. We collectively, collaboratively and cooperatively establish standards based upon philosophy, legal requirements, best practices and regulatory demands.
  • Technological Enforcement: Once governance documentation has been established, we set about implementing and enforcing those standards as far as possible through technology. Some implementations leave the end user greater choice and control, whereas others strictly enforce our standards and take the human choice element out of the mixture.
  • Vigilant Teamwork: The reality is that nothing works very well without teamwork. Controls and standards break down without careful tending, just as weeds take over a garden without vigilance. We must regularly review our security standards, validate that they remain relevant, and stay agile enough to adapt to the changing business landscape as we put carefully considered revisions to our ongoing security program into practice.

About this article

Michael D. Peters has been an independent information security consultant, executive, researcher, author, and catalyst with many years of information technology and business leadership experience. He has been referred to as the “Michelangelo of Security”. …
