Group items tagged

Now, in a survey of more than 600 small business owners and executives, the Ponemon Institute has tried to put a number on the cost of credit card account fraud for those vulnerable targets, comparing the damage with the cost of physical theft by employees or burglars. The result: While identity theft takes less from businesses per incident than either robberies or crooked employees, it hits them often enough that it's an equally costly or even costlier problem. According to Ponemon's study, the median account fraud incident costs a business $5,136. That's much less than the $9,913 the respondents attributed to the median cost of a burglary or $17,517, the cost they attributed to an employee theft case. But take the frequency of those incidents into account, and the pain adds up. About 86% of businesses have suffered from account fraud, more than the 77% who have been robbed or the 63% whose employees have stolen from them. And among those victims, most businesses experience employee theft either once (32%) or zero times a year (41%). Robberies are less costly but more frequent: Most businesses report them either once (29%) or between two and five times a year (38%). Account fraud is far more frequent: 45% of businesses have been digitally defrauded two to five times in the last year, and 38% have been defrauded more than five times.

The Microsoft Business Productivity Online Suite (BPOS) has recently earned the Statement on Auditing Standard (SAS) No. 70 Type II, Federal Information Processing Standard (FIPS) 140-2 compliance, and the International Organization for Standardization’s (ISO) 27001 standard – among others.  In addition, Microsoft has launched a new dedicated government cloud as part of the Business Productivity Online Suite to meet the most rigorous government requirements for security and privacy, including complying with the International Traffic in Arms Regulations (ITAR). Learn how these and other certifications help ensure our customers security, privacy, and business continuity. 

“United States defense-related technologies and information are under attack: each day, every hour, and from multiple sources. The attack is pervasive, relentless, and unfortunately, at times successful,” writes Kathleen Watson, director of DSS. “As a result, the United States’ technical lead, competitive edge, and strategic military advantage are at risk; and our national security interests could be compromised.”

Attempts to gather intelligence information were traced to over half of the countries in the world. After East Asia and the Pacific, the Near East and Europe and Eurasia were of greatest counterintelligence concern. Despite their overall decline, “European and Eurasian cyber actors remain some of the most active targeters of United States technology.”

“Facilitated by ever increasing world wide connectivity, the ease of inundating industry with overt email requests and webpage submissions made direct requests a premier vehicle for solicitation and/or collection,” the report states. “While not all direct requests for information or services represent organized collection attempts, exploitation of this medium provides collectors an efficient, low-cost, high-gain opportunity to acquire classified or restricted information.”

United States defense-related technologies and information are under attack: each day, every hour, and from multiple sources. The attack is pervasive, relentless, and unfortunately, at times successful

Defense contractors with access to classified material are required to identify and report suspicious contacts and potential collection attempts as mandated in the National Industrial Security Program Operating Manual (NISPOM)

DSS encourages all Facility Security Officers to use the information in this report to supplement security awareness and education programs at their facilities.

"A manufacturing company isn't going to have the same checklist as a service company or retailer," Golden says. "They're too different. But there is a consistent set of things to look at. Some of them are specific to cloud providers; a lot of them are the same kinds of things you had to look at in outsourcing or any other service provider contract.

How responsive is the cloud company?

Some providers may be more responsive at the beginning of a relationship than later, so checking with other customers on that point is important as well, Golden says.

They will be more strict because there are no clear policies for it,"

The rules will come with time, but they don't exist yet, so businesses need to be careful what data they submit to clouds and be sure data subject to compliance standards such as HIPAA, PCI and Sarbanes-Oxley can be provably handled within those standards.

"Auditors want to see the guts of the cloud," Richter says, and that is something many cloud providers don't allow. Many keep their physical architectures, policies, security, virtual LAN structure and other essential factors secret. "If they can't see how data flows, how VLANs are segmented, see how your data is partitioned from others', they won't OK it."

According to Conner, cybercrooks are now targeting small business: "We are in an arms race with sophisticated, high tech enemies who are now concentrating on smaller business bank accounts in addition to their continued efforts to steal from large corporations." To combat the risk, Conner suggests that small businesses employ a "triple threat" security package that would include

According to Brian Krebs, a journalist who has covered this issue extensively, "Most companies that get hit with this type of fraud quickly figure out that their banks are under no legal obligation to reimburse them."

So how does this type of fraud occur, and what can you do to protect yourself? Typically, the bad guys are able to plant malware on the victim's computer and then use that to access the company's online banking profile. They then use that information to transfer huge sums of money out of the targeted accounts.

Growing scrutiny of cloud computing security in the first half of this year is not surprising in light of the numerous data breaches, privacy issues and headline grabbing cloud outages that have occurred recently

The 26-page survey report returned a stunning conclusion – though one not surprising to those familiar with legal contracting for cloud computing; namely that a majority of cloud providers do not believe data security is their responsibility - but the customer’s. 

SLAs and the “Right to Audit” Clause When you move your data to the cloud, you must consider the risk to your brand should a breach occur. You need to ensure that any Service Level Agreements (SLAs) you have in place protect it. SLAs should address any and all risks to your data while it lives in the cloud.