The Tech Blog
Technology That Fits Your Business

Your source for the latest in IT Security, Support and Solutions.

The most common way for websites to protect information from those who may maliciously intercept it in transit is encryption.  This strategy changes, for example, the cardholder name and credit card number submitted on an e-commerce site into a string of characters that is meaningless unless it can be decrypted.  One type of encryption used in computers is known as symmetric key encryption. 

 
Payment processor First Data has revealed that over the course of the past year, there has been a surge of hacker incidences seeking unauthorized access to systems that use a point-of-sale approach for credit cards.  Unfortunately, for small and medium sized businesses, the merchants that are being targeted most heavily by tech criminals are those that are classified as Level 4 by Visa.  Such businesses, which process relatively low numbers of transactions each year, are responsible for slightly less than one-third of all credit card transactions that take place in the United States. 

The new era of cloud computing brings with it tremendous advantages in terms of scalability, cost savings, and employee efficiency, but it is not without its challenges.  One of the greatest challenges is the need for robust security.  In order for businesses and other organization to operate at their full capacity, the cloud solutions they employ must be appropriate for the threat environment as it currently exists, as it is likely to evolve in the near future.

The giant anti-virus company Symantec has released a new version of their Internet Security Threat Report.  The study, which is published on a yearly basis, outlines the current threat environment in detail.  Among the findings were some facts likely to startle employees of small and medium businesses, even those who regard themselves experienced with today's online environment threats. 

As more and more businesses decide to migrate some of their workflow onto the cloud, issues of content management can become paramount.  The tools and software that can serve to provide effective content management on the local network level may not be transferable to a cloud context.  This means that managers and employees may need to learn to work with new systems that can help them to keep cloud resources well organized so that employees can find the documents and data they need in a timely manner.  Cloud content management systems are also invaluable when it comes to making sure that encryption is consistently applied according to the policies and procedures established by the business.

The issue of authentication has been a challenge for businesses for at least as long as computers have been an integral part of the workplace.  Newer technologies, however, are beginning to provide much more secure means of authentication than the typical user name/password combination or the use of a dongle or special card.  Text input, after all, can always be compromised and physical objects that a user must supply can be misappropriated or misused.

It has come to the attention of information security analysts that the state of Texas had a major security breach earlier this month.  Fortunately, the state's consistent use of encryption technology meant that the worst consequences of such a breach were avoided.

Businesses involved in any phase of the delivery of health care to Americans need to keep a close eye on their methods, procedures, and practices designed to implement and enforce IT security.  The need for this was made all the more apparent this week as word emerged from the federal government that the total tally of health care breaches will soon pass the 20-million mark.  The government has kept running statistics since September of 2009 and it has calculated that in less than three full years, more than 400 separate breaches have affected more than 19 million individuals. 

Even the best physical security measures for data can fail, as evidenced by a California mishap this week.  Personal data about more than half a million individuals involved in the state's child support system have been compromised.  The personal information in question includes not just names and addresses of children and adults involved in the system, but also Social Security numbers, California identification or driver's license numbers, and even information that relates to health insurance policies held by the individuals.

No business organization wants to be the subject of a hacking attack or other security breach, but if one has in fact occurred, the best the organization can do is treat the event as a ‘teachable moment’ that can help it look toward the future to improve security protocols and procedures.  IT consulting firms can be a partner in this process, which also involves the leadership at the affected business stepping up to take responsibility for crafting improved policies for workers to follow.