Attention: Services Providers - Clients want to know how you protect their data
It would be careless to do business with someone before doing your homework. You need to make sure you understand exactly what you are getting into and that the other party is open, honest and acting with an acceptable standard of care. Conducting due diligence is common practice with today's business interactions. You see investigations into a company's financials, personnel, and business practices. With the cyber security environment we have today, IT and information security reviews during due diligence investigations are being given a higher priority as well.
IT Risk Assessment
To prevent any risk of a security breach, it is always a good idea to conduct a periodic risk assessment. A risk assessment will help identify the areas where your company is most susceptible to an attack from a hacker or thief. The fall-out from a security breach is enough to shutdown any business, but has the greatest impact on small businesses. In the event of a security breach a business could be hit with fines, additional compliance requirements, as well as bad publicity, any of which could be enough to force a business to close its doors and be out-of-business. Making security a priority and routinely assessing your security posture can protect your company against potential threats and reduce its risk exposure.
Wi-Fi for SMB - Things to Consider
I came across a good little article [^1] earlier in the week about setting up guest Wi-Fi and I think it should really hit home with many small business owners. Simply throwing up a wireless access point and connecting it to the rest of your network so guests can have internet access is a great way to cause yourself a whole lot of pain. Not only does doing something like that have harsh PCI compliance ramifications, your systems are wide open to anyone connecting to your Wi-Fi. Depending on the range your access point allows you could have a data breach without the attacker even setting foot on your property giving any physical controls you may have in place a zero chance of working.
Weekly Wrap Up Oct, 3 2014
This week's wrap summarizes the Jimmy John's data breach and the breach on Japan Airlines.
Shellshock! Bash Vulnerability.
This past Wednesday, September 24th a vulnerability in bash was announced and I wanted to give a quick summary or run-down of the situation and how it may effect some of us. The vulnerability allows code execution in bash simply by setting certain specific environment variables. The vulnerability was originally found by Stephane Schazelas, and later Travis Ormandy disclosed a secondary exploit that manages to circumvent the initial patch. Given the fact this vulnerability revolves around using bash shells it has been given the name "shellshock". It has also been assigned two separate CVE numbers, CVE-2014-6271 for the original vulnerability and CVE-2014-7169 for the secondary variation.