White Paper – Security Questions

This “white paper” was created to present to several clients of mine. I’m posting it to my blog so that it can be reviewed and maybe raise some questions as to how you handle your home and business information.

PDF Copy Here

Company policy concerning safety and security of data

  • How important is your data?
  • What is the company policy about sharing data?
  • What workers / contractors have access to what data?
  • What would you do if that data were leaked to a competitor?
  • Do you allow users to surf MySpace, FaceBook, or similar sites? How do you know?

Over 90 percent of the Webpages that are spreading Trojan horses and spyware are legitimate sites, some belonging to household brands and Fortune 500 companies, Sophos reports. Most have been hacked through SQL injection.” – source: Sophos.com

Cross-site scripting

AJAX also increases the possibility of so-called cross-site scripting flaws, which occur when the site developer doesn’t properly code pages, experts said. An attacker can exploit this type of vulnerability to hijack user accounts, launch information-stealing phishing scams or even download malicious code onto users’ computers, experts have said. Big-name Web companies such as Microsoft, eBay, Yahoo and Google have all experienced cross-site scripting flaws on their Web sites.” – source: Cnet.com

“Certification” method to insure all outside pc’s (ex: laptops) are clean and malware free

  • How do you know if the pc’s are infected or not?

  • What is the policy on maintaining anti-virus and safe surfing habits?

Secure Backup Method

  • What is your backup method?

  • Have you practiced recovery from disaster?

  • Do you use imaging software to recover the OS and applications?

  • Are your backup files secure?

Data Encryption on Laptops and Remote Devices

  • Are your laptops and remote devices utilizing data encryption?

  • How much is your data worth if it gets into the hands of a competitor or criminal?

There is some evidence that cyber criminals are now specifically targeting laptop users, encouraged to do so by the finding that corporate laptops hold an average $525,000 worth of sensitive data. – source: Bahn, October 2007

Company Email and Consistency

  • Do your workers use their personal Yahoo or AOL accounts for email?

  • Do you want your clients to have an image of your company with potentially suggestive email addresses? (ex: cutiegirl69@yahoo.com)

  • What will you do if a lawsuit and discovery injunction requires that you are able to provide all communications?

Further Resources:

The Growing Importance of E-Discovery on Your Business

http://www.google.com/a/help/intl/en/security/pdf/importance_e_Discovery.pdf

Business Guide to Compliance

http://www.google.com/a/help/intl/en/security/pdf/WP44-BMGuide.pdf

The Impact of the new FRCP Amendments on your Business

http://www.google.com/a/help/intl/en/security/pdf/WP42-FRCP_0107.pdf

Protecting Off-Network/Laptop Users

http://www.google.com/a/help/intl/en/security/pdf/off_network_workers.pdf

2007 Annual Study: Cost of a Data Breach

http://www.ponemon.org/press/PR_Ponemon_2007-COB_071126_F.pdf