Premium Essay

Preventing Security Breaches

In: Business and Management

Submitted By narackham
Words 524
Pages 3
Preventing Security Breaches

There have been many large security breaches in the past few years, including such huge corporations as JP Morgan, Home Depot and Target. According to a report published by Ponemon Institute in September of 2014, almost half of all U.S. companies experienced a security breach of some kind in the past year. On top of that, an Identity Theft Resource Center report found more security attacks in the U.S. in 2014 than in any previous year. What can be done to prevent the release of potentially sensitive information? There are several precautions that can make a big difference when it comes to security breaches. Three of the most important are keeping software up-to-date, securing your network and properly training your employees.
Keep Software Up-to-date Earlier this year, thousands of Oregonians who used state websites to pay child support, file unemployment claims and renew their vehicle registration were left vulnerable to attackers who could intercept Social Security numbers and other sensitive information. This vulnerability was due to the use of outdated encryption protocols on the state of Oregon’s websites. One of the easiest ways to avoid security breaches is simply to keep all software and systems up-to-date. Using outdated encryption, last year’s virus protection software or an operating system from 1998 is a recipe for disaster.
Secure Your Network During late 2014, the State Department revealed that hackers had breached its unclassified email system. While the government claims that no sensitive information was lost, we have to wonder: why wasn’t this “unclassified” network encrypted with the same strength as its other networks? Securing networks by password protecting them and encrypting them is another easy way to avoid data breaches. Hackers are far more likely to take advantage of “low hanging fruit” than…...

Similar Documents

Premium Essay

Security

...Introduction As a future information security professional, it is vital that you understand the scope of an organization’s legal and ethical responsibilities. To minimize liabilities and reduce risks from electronic, physical threats and reduce the losses from legal action, the information security practitioner must understand the current legal environment, stay current as new laws and regulations emerge, and watch for issues that need attention. Law and Ethics in Information Security As individuals we elect to trade some aspects of personal freedom for social order. Laws are rules adopted for determining expected behavior in modern society and are drawn from ethics, which define socially acceptable behaviors. Ethics in turn are based on cultural mores: fixed moral attitudes or customs of a particular group. Some ethics are recognized as universal among cultures. Slides 9 Types of Law Civil law represents a wide variety of laws that are recorded in volumes of legal “code” available for review by the average citizen. Criminal law addresses violations harmful to society and is actively enforced through prosecution by the state. Tort law allows individuals to seek recourse against others in the event of personal, physical, or financial injury. Private law regulates the relationship between the individual and the organization, and encompasses family law, commercial law, and labor law. Public law regulates the structure and administration of government......

Words: 2358 - Pages: 10

Free Essay

Security Breaches

...well-choreographed event that left the world stunned. There were many breaches of security, from the FBI/CIA, Customs and Border Patrol to TSA and everyone in between. The FBI/CIA failed to follow up on credible threats against the US. They stated” they had no real warning of the Sept 11th attacks.” However a few days after the attack they were able to identify all sixteen (16) hijackers. (MalcontentX) According to the 9/11 Commission report Immigration and Customs lost track of Hazmi and Mihdhar as they left the Los Angeles airport. Hazmi and Mihdhar were terrorist operatives selected by Usama Bin Ladin to carry out the attacks against the U.S. Once in the U.S. they were able to take classes to learn English, and enroll in flight school. The FAA and Air Traffic Controllers failed to properly recognize the situation, Air . If all levels of the sir defense system worked properly then If all the agencies had worked together shared preliminary information and followed up with leads then this attack could possibly been avoided. I think that one of the biggest security breaches was committed by the TSA and the airlines. Prior to 9/11 security at airports was inadequate. Passengers would walk through a metal detector to deter someone from carrying a weapon. Since 9/11 passengers believe that security is nothing more than a hassle and waste time. According to the website FARECOMPARE there are nine airport security changes since 9/11. They are as follows: 1. Specific ID......

Words: 713 - Pages: 3

Premium Essay

Data Breaches

...data breach trends for 2014." SecurityInfoWatch.com. N.p., 10 Jan. 2014. Web. 29 Apr. 2014. Summary This class has been absolutely phenomenal. I have been in the tech industry for about 5-6 years now and just recently started developing iOS apps and websites about 1-2 years ago and am still new and learning each and every day, but I haven’t really ever enjoyed a class this much. I have been reading articles each week for these research papers that are required weekly and due to the requirement of breaking them down and performing a “dive deep” on them, I have really been able to relate what we are learning in school to actual life and real life situations. The article that I choose for this week is from Security Info Watch and it discusses the future of data breaches this year and things that we could encounter over the time frame of this year and next decade as technology continues to grow at the rate it is growing. It compare the big breach with Target and aligns it to other situations that are possibilities with the way we use our technology. One of the big theories that the article through out was that we are going to run into issues with all of this cloud computing and big data and that society is very vulnerable to a big data cloud breach. Apple has started the whole ball rolling with cloud computing storing all of your data on a cloud platform easily accessible by all of your devices. The only problem is that it too is easily accessible to other things such as......

Words: 681 - Pages: 3

Free Essay

Preventing Security Breaches

... Preventing Security Breaches: Collaborative Summary Shemeika Montgomery BIS/221 October 23, 2014 Dr. Tracey Ragin Preventing security breaches is a very difficult task to prevent in today’s world. There are many information technologists that do their best on a daily basis to prevent data leakage. There are very skilled criminal individuals in the world that can breach any kind of security. It is best to keep all businesses safe to protect yourselves and to protect the customers as well as employees. Computer systems can be affected by viruses, Trojan horses, worms, and other types of malicious software causing them to perform ineffectively and maliciously. It is very true that if a skilled data thief wants your information badly, the chances are they will get it. So it is in everyone’s best interest that everything is done to stay secure. By coming up with strong passwords and changing them frequently is a good start. Be sure to never use the password more than once. It’s best to set up a two - factor authentication which sends a secret code to your phone verifying your identity. Securing your browser will help keep your information secure as well. Be sure to test your browser’s configuration for weakness. Another awesome thing to do is to stop transmission of data that is not encrypted and instruct encryption of all data. Educating and training employees will also help the business. Establishing a written policy about data security to inform employees about what......

Words: 392 - Pages: 2

Premium Essay

Data Breaches

...How Do Data Breaches Occur? * Employee loses an unencrypted portable device (smartphones, laptop, thumb drive, backup tape) * Property crimes (computers prime targets) * Inside job (employee steals information) * Stray faxes, emails * Phishing scams and increasingly, Spear-Phishing (social engineering) * Malware / virus attacks (especially when working remotely on an unsecured network) * Failure to purge/scrub computing devices scheduled for destruction * Weaknesses in "Cloud" security Greek Market Vs Global Market – Security Incidents PWC – Information Security Survey 2013 “Must Do” Security Actions 1. Implement User Education & Awareness : * Communicating safely and responsibly * Using social media wisely * Transferring digital files in a safe way * Proper Password usage * Avoiding losing important information * Ensuring only the right people can read your information * Staying safe from viruses and other malware * Who to alert when you notice potential security incident? * Knowing how not to be tricked into giving information away This will ensure that all personnel who have access to information and information systems understand their daily responsibilities to handle, protect and support the company’s information security activities 2. Keep System up to date Systems and software, including networking equipment, should be updated as patches and firmware upgrades......

Words: 681 - Pages: 3

Premium Essay

W2 Security

...Information Security Detroit Hospital Security Breach CMGT441 John Ebel May 18, 2014 Information Security Detroit Hospital Security Breach      Security breaches can be a detrimental to any company, especially if the breach brings out sensitive information belonging to individuals. Sensitive information is as simple as a name, dates of birth, personal records, or any other type of personal information that is able to be used by someone to defraud any other individual or a business. The impacts of such a security breach like the one that occurred at the Henry Ford Health Systems hospital in Detroit, Michigan when a laptop was used to store data that was compiled on a spreadsheet that was not encrypted. This is just one example, though there were a few incidents at this hospital where data was stolen. Incident Background     A laptop was stolen from an office at the Henry Ford Health System hospital, the laptop did contain password protection software but it was standard protection that could easily be broken by anyone that knew their way around a computer slightly. The information on the laptop didn’t include social security or health insurance information, but it did have “patient names, medical record numbers, dates of birth, telephone numbers, e-mail addresses, and treatment and doctor visits” (Moscaritolo, 2010, p. 1). The laptop is thought to have had about 4,000 patient’s information, and all records were related to services that were done over the past eleven...

Words: 948 - Pages: 4

Premium Essay

Preventing Security Breaches

...Preventing Security Breaches BIS 221 November 18, 2014  My group discussed what it is that businesses can do to help prevent security breaches inside their companies. We consulted with an article at “Business News Daily” and decided that the two most important things that a company can do to prevent these security breaches is to do proper training and to have physical security measures present. Throughout my history of working with technology and big data, I have found that proper training and onsite security is more effective than any other forms of security. By having physical security measures present in the form of screen shields, security workers, and blocked passageways with gates and security doors, you will eliminate a large amount of the piggybacking and other physical security breaches, which are still some of the prime ways that prowlers gain information. The next way is to provide proper training for your employees to follow the security guidelines and assist with the physical security measures taken. With proper training, employees know how to lock their computers, protect their files, and protect sensitive information. By following the rules in training, they will help to eliminate an even larger amount of security breaches. Too many employees do not know how easy it is to protect their information and how much they can assist with the protection of a company’s data and databases. These two factors are the largest participants in information......

Words: 354 - Pages: 2

Free Essay

A Case Study of the Trend in Cyber Security Breaches as Reported by Us Federal Agencies

...A Case Study of the Trend in Cyber Security Breaches as Reported by US Federal Agencies Joash Muganda American Public University System ISSC640 – Prof. Belkacem Kraimeche November 12, 2014 Abstract The cases of cybersecurity breaches reported by federal agencies have sharply increased in recent years due to a combination of factors. This study seeks to examine the current trends in cybersecurity breaches documented and reported by federal agencies, analyze the various factors responsible for this trend and their impacts, as well use currently available data to predict a future trend. A Case Study of the Trend in Cyber Security Breaches as Reported by US Federal Agencies The number cybersecurity breaches reported by federal agencies has been on the increase owing to the variety of factors. According to a report by U.S Government Accountability Office, GAO (2014), federal agencies have reported increasing number of cybersecurity breaches that have put sensitive information at risk, with potentially serious impacts on federal and military operations. GAO (2014) further stated that the increase in this number is due to the fact that obtaining hacking tools has become easier, there is dramatic increase in reporting security incidents, and steady advances in the sophistication and effectiveness of attack technologies. The table below shows the number of cybersecurity breaches since 2006 to 2012 as reported by GAO (2014). Number of Incidents | 5503 | 11911 |...

Words: 987 - Pages: 4

Premium Essay

Security

...Security Students Name Institutions Name How to resolve a security issue in a situation where the need for security is great but the available funds are limited Community participation is a very important aspect in enhancing security. Through the community’s leaders individuals can be sensitized on the need to protect each other and also help them to create a ‘we’ feeling in the management of the important resources in a region. This will enable the community members to identify with the resources and wealth of a region and hence strive to protect it by all means. Governments and administrative officials should also involve the locals in making of decisions that are of utmost importance to the people’s welfare (Bakari, Magnusson, Tarimo, & Yngström, 2006). The benefits if personnel in security management develop skills as educators for their organization's security Having high skilled employees who are given the potential to grow their expertise is a great benefit to any organization. An organizations success can often be attributed to individual expertise and skills of its employees. The benefits are as follows: 1. Cuts on the costs of hiring external consultants; many organizations spend a lot of money in hiring third party consultants to cover essential tasks within the organization such as periodic network vulnerability scans and developing security programs. The cost of sending employees to the requisite training may be relatively cheaper (McCoy &......

Words: 1066 - Pages: 5

Premium Essay

Security

...Security Students Name Institutions Name How to resolve a security issue in a situation where the need for security is great but the available funds are limited Community participation is a very important aspect in enhancing security. Through the community’s leaders individuals can be sensitized on the need to protect each other and also help them to create a ‘we’ feeling in the management of the important resources in a region. This will enable the community members to identify with the resources and wealth of a region and hence strive to protect it by all means. Governments and administrative officials should also involve the locals in making of decisions that are of utmost importance to the people’s welfare (Bakari, Magnusson, Tarimo, & Yngström, 2006). The benefits if personnel in security management develop skills as educators for their organization's security Having high skilled employees who are given the potential to grow their expertise is a great benefit to any organization. An organizations success can often be attributed to individual expertise and skills of its employees. The benefits are as follows: 1. Cuts on the costs of hiring external consultants; many organizations spend a lot of money in hiring third party consultants to cover essential tasks within the organization such as periodic network vulnerability scans and developing security programs. The cost of sending employees to the requisite training may be relatively cheaper (McCoy &......

Words: 1066 - Pages: 5

Premium Essay

Data Security

...Lara Ramey Southern New Hampshire University OL 442 – Professor David Miller April 25, 2015 Final Paper: Data Security With technology taking over businesses and costs rising higher by the year, having a solid data security policy in place is an extremely beneficial and important part of protecting an organization. Sinrod (2010) discusses how financially damaging data breaches can be for an organization, with an average cost of $6.75 million per incident in 2009. Breaches can be expressed both in and out of the organization, with especially staggering statistics on employee theft. Dwyer (2014) states, “39 percent of data theft from businesses comes from company insiders. Even more troublesome, 59 percent of ex-employees admit they stole data from their former employers.” With figures as high as these, it is up to company executives and management personnel to apply great effort in creating data security plans that cover all aspects of potential threats in order to keep incidents and costs low. Human Resources must also have a role in designing and implementing these policies, as well as conveying them appropriately to both managers and employees. Jackson et al. (2014) proposes developing an ethics code for the entire company to follow and stressing the importance of managers to “practice what they preach.” If the organization follows its own protocols and demonstrates ethical behavior, it is more likely their employees will follow suit. Before the policy is......

Words: 1090 - Pages: 5

Premium Essay

Preventing Security Breaches: Collaborative Summary

...Preventing Security Breaches: Collaborative Summary BIS/221 05/25/2015 Preventing Security Breaches: Collaborative Summary When it comes to protecting the consumer’s information it not only includes the information contained on your personal bank/retailer card but also the information that you are required to enter on such self-service retail platforms such as KIOSK. According to the article, KIOSK Information Systems (KIOSK), offers licensing options for deplorers to secure their self-service retail platforms with Intel Security's McAfee Integrity Control technology before shipment and installation. Looks as if McAfee has taken their security software that is distributed to the average home CPU user and have expanded upon it to create and offer the consumer protection through their McAfee Integrity Control software, which provides extensive protection for retail devices, including self-service transactional kiosks. There are so many different security software application/companies out there available but there is only one offered which is Intel McAfee. I actually find it comforting as a consumer that McAfee is the software of choice especially with the companies 30 year plus history and dependability. I believe McAfee is the security software of choice for these types of self-service retail platforms because as stated in the article it is globally used and supported by a majority of platforms in the retail world. When it...

Words: 535 - Pages: 3

Premium Essay

Security Breaches in Health Care

...“The healthcare industry will see even bigger breaches of data and patient privacy in 2014, an Experian report says” (www.experian.com), according to this report “The healthcare industry, by far, will be the most susceptible to publicly disclosed and widely scrutinized data breaches in 2014”. A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property. A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property. According to laws in 40 states, when a data security breach occurs, notification must be made to the affected individuals. Depending on the size and scope of the breach, notification can be handled in a variety of ways, including by mail, telephone, email or through the news media. The Health Insurance Portability and Accountability Act (HIPAA) protect patients' privacy and simplify the administrative processes. Information security considerations are involved throughout the guidelines and play a significant role in complying with the Privacy Rule. The purpose of this rule is to...

Words: 1280 - Pages: 6

Premium Essay

Should All Security Breaches Be Made Public?

...yourself to class with the following information (Your name, major, and your response regarding work ethics): Cyber-attacks on American companies have become increasingly more common. Companies such as Facebook, Twitter and Apple, have voluntarily gone public with their security troubles. Alternatively, a number of companies have continued to deny cyber-attacks, despite reports stating otherwise; including, Exxon Mobil, Coca-Cola, Baker-Hughes, and others. The U.S. government has encouraged transparency on cyber-attacks as part of a wider effort to protect American intellectual property. Advocates of disclosing breaches claim it will set a precedent for other companies to get more active in fighting cyber-attacks. The majority of company lawyers advise not to disclose, pointing to potential shareholder lawsuits, embarrassment and fear of inciting future attacks. Health and insurance companies must disclose breaches of patient information, and publicly traded companies must when an incident effects company earnings. What policy should companies adopt when dealing with a cyber-security breach? Should all security breaches be made public? Is it ever ethical for companies to withhold security breaches from those whose information may have been compromised? Why or why not? In a minimum of 150 words, respond to the questions posed above and submit via a post. Feel free to comment on your peer's posts. Hi, my name is Alex Crenshaw and my major is computer......

Words: 375 - Pages: 2

Free Essay

Data Breaches

...Daniel Baxter Nico Ferragamo Han Vo Romilla Syed IT 110 8 December 2015 Data Breaches The Case In July of 2014 JPMorgan Chase, a multinational banking and financial services holding company was hacked. JPMorgan Chase is the largest bank in the United States, the sixth largest bank in the world, and the world’s third largest public company. Initial reports from JPMorgan Chase stated that the attack had only breached about one million accounts. Further details revealed that the hack breached the accounts of seventy-six million households (roughly two-thirds of the total number of households in the United States), and about seven million small businesses. While the hack began in July, it was not fully stopped until the middle of August, and it was not disclosed to the public until September. The hack is considered to be one of the most serious attacks on an American Corporation’s information systems and is one of the largest data breaches in history. JPMorgan Chase claims that the login information associated with the accounts (such as social security numbers and passwords) was not compromised, and the information that was stolen had not been involved in any fraudulent activities, however, the names, email addresses, physical addresses, and phone numbers on the accounts were taken by the hackers. The hack was believed to have been committed by a group of Russian hackers. It’s also believed to have been part of a large ring of attempted attacks on as many as nine banks......

Words: 1557 - Pages: 7