As a business, what do you need to succeed? A quality product is a must — as is a solid business model. Great people to sell and support your product are key, too. But you also need something else: A culture of transparency that builds and maintains client trust. We’ve discussed why you should do your due diligence when it comes to IT security by valuing your data, relating your security expenses as a percentage of revenue and comparing that to industry standards, and by being transparent with your leadership. Doing everything you can to help prevent and mitigate unauthorized access helps you and your clients sleep more easily at night. But, what do you say to your customers when the unexpected happens? It’s time to take the transparency you show with your leadership and apply that to your communication with your clients. As kids, we learned early on that it’s always better to tell the truth as a matter of trust and integrity, and the same thing can be said of business relationships. Trust is the basis of any meaningful relationship, and it certainly extends to the business-client relationship as well. The foundation of trust absolutely has to be there—otherwise, why would anyone want to invest…
Cybersecurity experts are saying a bug in the widely-used command prompt software Bash could be a bigger threat to users than the Heartbleed bug that surfaced earlier this year. The vulnerability affects Unix-based operating systems, including Linux and Apple’s Mac OS X. The bug – which has picked up the moniker Shellshock – allows for malicious code execution to take over an operating system and access information. Patches have been issued by many of the major Linux distribution vendors. Security expert Robert Graham, who has extensive coverage of the bug on his Errata Security blog, describes why it is so worrisome: The first reason is that the bug interacts with other software in unexpected ways. We know that interacting with the shell is dangerous, but we write code that does it anyway. An enormous percentage of software interacts with the shell in some fashion. Thus, we’ll never be able to catalogue all the software out there that is vulnerable to the bash bug. This is similar to the OpenSSL bug: OpenSSL is included in a bajillion software packages, so we were never able to fully quantify exactly how much software is vulnerable. The second reason is that while the known systems…
Note: The following article is part of a shared content agreement between Online Tech and InfoSec Institute. (View original post.) For more information on IT disaster recovery, download disaster recovery white paper or check out our case studies. In this article, we’ll learn about the concept of data loss prevention: why it is needed, what are the different types of DLP and its modes of operations, what is the planning and design strategy for DLP, what are the possible deployment scenarios, and what are workflow and best practices for DLP operations. OVERVIEW Every organization fears losing its critical, confidential, highly restricted or restricted data. Fear of losing data amplifies for an organization if their critical data is hosted outside their premises, say onto a cloud model. To address this fear or issue that organizations face, a security concept known as “Data Loss Prevention” has evolved, and it comes in product flavors in the market. The most famous among them are Symantec, McAfee, Web-sense, etc. Each DLP product is designed to detect and prevent data from being leaked. These products are applied to prevent all channels through which data can be leaked. Data is classified in the category of in-store, in-use…
