This “white paper” was created to present to several clients of mine. I’m posting it to my blog so that it can be reviewed and maybe raise some questions as to how you handle your home and business information.
Company policy concerning safety and security of data
- How important is your data?
- What is the company policy about sharing data?
- What workers / contractors have access to what data?
- What would you do if that data were leaked to a competitor?
- Do you allow users to surf MySpace, FaceBook, or similar sites? How do you know?
“Over 90 percent of the Webpages that are spreading Trojan horses and spyware are legitimate sites, some belonging to household brands and Fortune 500 companies, Sophos reports. Most have been hacked through SQL injection.” – source: Sophos.com
AJAX also increases the possibility of so-called cross-site scripting flaws, which occur when the site developer doesn’t properly code pages, experts said. An attacker can exploit this type of vulnerability to hijack user accounts, launch information-stealing phishing scams or even download malicious code onto users’ computers, experts have said. Big-name Web companies such as Microsoft, eBay, Yahoo and Google have all experienced cross-site scripting flaws on their Web sites.” – source: Cnet.com
“Certification” method to insure all outside pc’s (ex: laptops) are clean and malware free
How do you know if the pc’s are infected or not?
What is the policy on maintaining anti-virus and safe surfing habits?
Secure Backup Method
What is your backup method?
Have you practiced recovery from disaster?
Do you use imaging software to recover the OS and applications?
Are your backup files secure?
Data Encryption on Laptops and Remote Devices
Are your laptops and remote devices utilizing data encryption?
How much is your data worth if it gets into the hands of a competitor or criminal?
There is some evidence that cyber criminals are now specifically targeting laptop users, encouraged to do so by the finding that corporate laptops hold an average $525,000 worth of sensitive data. – source: Bahn, October 2007
Company Email and Consistency
Do your workers use their personal Yahoo or AOL accounts for email?
Do you want your clients to have an image of your company with potentially suggestive email addresses? (ex: firstname.lastname@example.org)
What will you do if a lawsuit and discovery injunction requires that you are able to provide all communications?
The Growing Importance of E-Discovery on Your Business
Business Guide to Compliance
The Impact of the new FRCP Amendments on your Business
Protecting Off-Network/Laptop Users
2007 Annual Study: Cost of a Data Breach