Archive for June, 2007

Building up security after an M&A

Thursday, June 21st, 2007

In a recent article published on SearchSecurity.com, Ed Skoudis offered some useful tips for adapting the security strategy of organizations going through a merger or acquisition.

Organizations involved in an M&A should consider the following security measures:

- Adapting the IT security policies of both organizations involved in the M&A
- Analyzing existing network architecture
- Eliminating LAN architecture differences (for instance, strengthening the security of the existing WiFi architecture)
- Creating a security policy for laptops and portable devices
- Updating current security software solutions
- Implementing employee training on data security
- Monitoring user behavior (ongoing FTP or HTTP transfer scans, etc.)

So, in the end, to avoid information security threats during a merger, companies should have two main goals:

- A long-term alignment of policies, procedures and technology
- An augmented policy supported by a series of quick-hit technical defenses

Successful execution of this two-pronged strategy can help merging companies significantly lower their risk exposure.

This blog is run by the authors of FindProtected.
FindProtected is a security program that allows you to search for password-protected files. With FindProtected, you can effectively identify protected files containing sensitive data on your network.

Seven common mistakes of identity theft protection

Tuesday, June 12th, 2007

To protect your organization’s employees and clients, you need to evaluate how well your company protects its PII. Here are seven common mistakes to avoid.

Keep users in the dark

If your users don’t know how to identify and handle PII, it’s only a matter of time before one of them discloses this data to the wrong source.

Partner with the wrong businesses

If your company collects and shares PII with insecure partners, who do you think will end up in the paper, explaining to law enforcement how a breach occurred? Your company will.

Keep data around past its prime

What do you do with data once it’s served its purpose? If you aren’t destroying PII when it’s no longer required, then you’re not doing your job. That doesn’t mean throwing it away either — that means destroying it.

Don’t worry about physical security

It’s imperative that you implement physical access controls to prevent unauthorized people — including employees — from gaining access to PII. Get a door lock and a badge reader, and start controlling access.

Don’t lock up your records

If you don’t have specific storage areas on your network (as well as file cabinets) for PII, then how can you properly protect it?

Ignore activity on your network

If you’re not going to actively monitor your network for suspicious activity or incidents, then stop collecting the data. Develop a method that’s within your capabilities and budget to monitor your network for suspicious activity or incidents. And while you’re at it, develop a response and mitigation strategy for security incidents.

Audits? Who needs audits?

A lot of businesses either don’t know what security events to audit or don’t read their security logs — or both. If you’re not sure which events to audit, find out. Set up security auditing, and start reviewing your logs today.

From the article by Mike Mullins.
