Tag Archives: Hacking

Feb 3, 2012

Law firms are the target of the world’s best hackers

It’s not easy being an IT Manager at a law firm. This is one of the most heavily regulated industries around and now there is a frightening new trend that has the attention of the FBI—much to the alarm of many IT Managers who are losing even more sleep than usual.

The trend is real—sophisticated hackers are targeting law firms as an easy source of information about their client companies. If your law firm is in the midst of a major acquisition for a client, be aware of the possibility that international hackers could be targeting you.

The numbers are dismal—80 law firms in the U.S. were hacked last year. What’s behind this trend? Sophisticated hackers have found that law firms, for all their focus on creating and keeping client information super secure, have failed to implement some key security processes. The result—sophisticated hackers find their way in to access client information. The rewards for them are enormous—particularly when there is a big M&A deal in the works.

What’s an IT Manager to do? One option is to examine their current processes for systems management. Are ALL PCs protected? Do they have the latest patches? Can you get into “optimal PC lockdown mode” by allowing IT teams to assign flexible user privileges so that security and end-user productivity can be maintained? Can you easily identify target machines via network scanning and determine their hardware specifications and driver requirements? Would you like to confirm you are compliant with organizational security compliance requirements by using OVAL or custom configuration scans?

If the answers to these questions are haunting you through the night, you may want to attend a live demo of the Dell KACE Family of Systems Management Appliances and learn how IT managers around the world are keeping the hackers away.

Jan 17, 2012

The Reality of Retail and Security – Zappos Security Breach

[Image: Cell phone showing the Zappos security breach notification]*

I awoke to a typically hectic Monday morning and I was well into my normal morning routine until I opened up an email from Zappos letting me know that I am one of the 24 million customers whose information has been hacked. Insert groan, eye roll and banging head against my desk here.

I work in Tech, I know that having my personal information online is a risk, but like most people, buying online is something that I still do. I know that I’m putting myself at risk, but being aware of this risk doesn’t really prepare you for the punch in the gut feeling you get once you receive that notice that your information has been breached.

But enough about my sob story. What does this mean for retailers like Zappos? A lot. Retail organizations like Zappos who experience a breach now face the uphill battle of rebuilding customer confidence in their brand and website. Zappos is a relatively large retailer, and with the online retail giant Amazon.com as its parent company, one would think that they’d be a difficult site to hack into, but it just goes to prove that no one is safe, not even retail giants.

Looking at the way Zappos handled the leak of information shows that they had a well-thought-out breach strategy in place. They stored user passwords and credit card data in separate databases, and they were very timely in letting users know about the breach and what steps they needed to take. But all of this is like having a cleanup crew on standby; how do retailers prevent the mess to begin with?

The most fundamental security measures for retailers to follow are the PCI regulations; unfortunately, most retail organizations don’t. In fact, a whopping 67% of retail organizations that require PCI compliance aren’t in full compliance. But even if a company followed the PCI requirements, they are the bare minimum of security measures that can be easily hacked and reverse engineered. Retailers need to do more than the bare minimum.

Retailers also need to stop seeing traditional defenses such as antivirus software and firewalls as being as effective as they once were. They need to consider new approaches and technology to help with security. New technologies that are considered more effective include: vulnerability assessments, effective and timely patch management, secure browsing, and security management platforms.

Retailers need to get their security solutions together, and stop trying to piecemeal tools and comply with the bare minimum of requirements because they just don’t cut it. Get a plan together for a solid security strategy; pick up a few tips and tricks for building your PCI security strategy.

*Image: Chris Parsons, January 17, 2012