Web Threats Weekly - Cyber Security News

Following Privacy Rules Keeps Organizations Out of Legal Trouble 

While it's important to keep your eye on the technology solutions that lock down your network and web applications, understanding how privacy and security regulations apply to your organization will help guide your overall security plan. This week, we look at what a law firm engaged in the privacy and security area is doing and recommending for abiding by the rules, protecting your clients' data and avoiding a nasty lawsuit. 

"Privacy legislation has changed the operating mode for companies collecting information (online or off-line) from 'what kind of information can we get' to 'what kind of information do we need for the purposes that we're carrying out,'" says Lang Michener LLP Partner James Bond, so the firm has procedures for ensuring information is properly collected, handled and disposed of.

The starting point for devising procedures is understanding which rules apply to data. For information that could cross provincial borders in Canada, the national standard of PIPEDA would apply, though if the data will remain within one province, a regulation like BC's PIPA could take precedence. Information crossing to the USA can be governed by a wide range of industry-specific regulations such as HIPAA (for health information) or state regulations.

Another good rule is to give access to information only to the individuals who require it. "For example, we wouldn't put employee personal information on a shared network," Bond says. And disposing of information properly is as important as how you maintain it. He notes an incident involving a health authority that paid a records disposal company to get rid of paper records, and some of the papers washed up on the shores of a beach.

Vancouver Companies Learn About Online Protection

"If you want to be more secure, don't go on the Internet," PCIS President Vaclav Vincalek stated at the "Online Protection" session for the Vancouver Board of Trade's Managers' Toolbox this week. "You might think I'm joking, but really, what is your organization's ability to operate without a security-breach shutdown worth to you? Given the online threats we've discussed, do your employees really need to be accessing any website they like, clicking on any link they choose? Do you?"

The online security expert provided an overview of the web threats landscape and tips for organizations to improve their security at the session at the Sutton Place Hotel on March 10.

While many organizations believe they've got the basics of security covered already, a barrage of daily news headlines reporting hacker penetrations and other security breaches shows that companies are still dealing with a tough challenge. "A lot of companies we deal with ask why this is happening, since they think they don't really have information worth stealing, but the hackers have a very high incentive to keep trying to break into your systems," Vaclav says. "If they can get your customers' information, they can make millions of dollars. That's their real target. Actually, your company's information is just a bonus."

The company losses from a security breach take many forms. "Normal operations are stopped, halting revenue, you have loss of reputation, loss of customers, regulatory fines and legal penalties," Vaclav notes. "And that's before you even get to the cost of remediating the vulnerability that led to the breach in the first place. We've seen from our own customers that the cost of fixing the problem after it happens is many times what it would have cost to take pro-active security measures."

For more information about security, Vaclav recommended checking some of PCIS' resources, including Web Threats Weekly, the Managers Cheat Sheet for IT Security white paper and the Pacific Coast Informer Blog.

Learn More About Web Security at Our Webinar

PCIS is producing a web security webinar to help organizations better understand how to identify and prevent web vulnerabilities. This is a great opportunity for web developers, webmasters, IT people and other professionals who need to know about enabling better web security for their organization. Registration numbers are limited, so please check in next week for details about how you can participate.

March 11, 2009

Web Threats Weekly is distributed by:

Pacific Coast Information Systems Ltd.

Boonbox, a division of PCIS


Contact PCIS

Toll-free 1.877.744.7558


In this issue:

* Following Privacy Rules Keeps Organizations Out of Legal Trouble

* Vancouver Companies Learn About Online Protection 

* Learn More About Web Security at Our Webinar

* Hacker Bait 

* Mythbusters Tip #16

* Spam-Alot

Web Threats Weekly helps organizations protect themselves and their customers from known online threats. 



Hacker Bait

The latest Hacker Bait list contains websites of e-commerce, social networking and popular new media sites that have been found to have vulnerabilities that hackers and cyber criminals could exploit. 

This is not a complete list of all vulnerable sites on the Internet, but only represents websites where vulnerabilities were found within the past 90 days.

These are only the latest additions to an ever-growing club of sites found to be insecure according to various public sources and online tools used in the web security industry.

If you would like more information on our data and why these sites are listed here, please contact PCIS.

Hacker Bait Sites With Vulnerabilities Discovered in Past 90 Days


Mythbusters Tip #16

"Bigger organizations probably have better security because they have more resources to provide protection."

Not really, though we're probably all guilty at some time of giving undeserved trust to brand-name companies. But the record of security breaches overall shows us that bigger companies are just bigger targets for hackers.

As recent security breaches at eBay, Monster.com and Facebook show, hackers can and do break through supposedly top-notch security rather frequently. Bottom line: be just as careful sharing your information with organizations no matter how big they are.

Mythbusters Myths 1 to 15


Spam-Alot

Spammers are linking to blogs, profiles and other pages on these trusted sites to give victims a false sense of security that the links can be followed safely. These sites may not have been hacked, but following the spam links to these sites and clicking on links shown there can result in harm to your computer.

If you would like more information on our data and why these sites are listed here, please contact PCIS.

Spam-Alot Websites Exploited Since March 5, 2009


Boonbox and Pacific Coast Information Systems Ltd.

Boonbox is a division of Pacific Coast Information Systems Ltd., specializing in products for web security, network security, password management and data backup.

PCIS is a Vancouver-based company which provides strategic consulting, application development, technology solutions and managed services to companies and government organizations throughout North America.

HOW TO SUBSCRIBE/UNSUBSCRIBE

SUBSCRIBE: To subscribe to Web Threats Weekly, send a blank email message with subject line "SUBSCRIBE" to informer@pcis.com

UNSUBSCRIBE: If you do not wish to receive future issues of Web Threats Weekly, send a blank email with subject line "UNSUBSCRIBE" to informer@pcis.com and we will promptly remove you from our distribution list.

WE WANT YOUR FEEDBACK

Our purpose for providing this free service is to keep our clients and business contacts informed of technology developments. This information can help them resolve common problems and achieve their full potential by strengthening their business processes and infrastructure. Your input is important to us and we welcome your ideas for new features and how we can continue to improve our service to you. Send your comments and suggestions to informer@pcis.com or contact us directly at 604.844.7558