Month: October 2008

Cisco survey: Cultural differences can complicate IT security when work goes offshore

Posted on by admini

“As you globalize and move into new regions that you haven’t worked in before, you really need to understand the cultural differences” in order to implement an effective data protection strategy, said Marie Hattar, Cisco’s vice president of network and security solutions.

For example, about 64% of the IT decision-makers surveyed in China and nearly half of the ones in Brazil said they thought that employees at their companies allowed outsiders to use corporate laptops and mobile devices without any supervision.

Meanwhile, 39% of the end users polled in Brazil and 20% in India admitted to sharing sensitive information about their jobs with family members and friends; another 8% and 7%, respectively, said they had shared such data with absolute strangers. In a majority of the cases, the survey respondents said they discussed sensitive information with others because they wanted to bounce an idea off of someone or just vent.

Compared with workers in other countries, a significantly larger proportion of end users in China (42%), Brazil (26%) and India (20%) altered the security settings on their company-issued laptops.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9116018&source=NLT_AM&nlid=1

Read more

How to Minimize the Impact of a Data Breach

Posted on by admini

With the Computer Security Institute reporting that 46 percent of computer security professionals have had security incidents in the past year, 26 percent of which have had more than 10, you begin to see the magnitude of the problem.

Sixty-five percent of this cost is the direct result of lost business, including customer termination—a rate that is increasing by 30 percent a year.

All this amounts to an unpleasant picture, one where current practices in breach response are falling short in keeping your customers, and therefore revenue, within your company.

Legal obligation vs. Customer satisfaction Recent research by the Ponemon Institute, the Consumers’ Report Card on Data Breach Notification, has provided some of the most useful information to date to help organizations determine the most effective techniques to minimize the impact of a breach and to retain customers. Large delays in notification signal to your customers that you are hiding something and/or they are not important to you, despite some realities that it takes time to assess the impact of a breach. Although it may not be possible to notify customers within a week, or even several weeks following a breach, your goal should be to notify them as soon as possible, with what reasonable information you can divulge at that time.

Do they have to close their credit card accounts? Many respondents in the Ponemon study found communications to be unbelievable or misleading, failing to reduce their fears about potential harms they faced because of a breach. Although you are the barer of bad news, you also have the opportunity to be the barer of solutions. Lay out for your customers the “next steps” they can or need to take after they are notified. Include information, phone numbers and Web sites on freezing credit files, getting free credit reports and other tips customers might want to know and follow.

At little or no cost to your organization, acting as an educator will not only help your customers recover from the incident, but maintain your organization as a trusted source.

Offering identity protection services has proven to have a positive effect on customer retention, and in many cases, offering such services is more affordable than new customer acquisition strategies. Individuals who receive free or subsidized services, such as credit monitoring, identity theft insurance or identity recovery services, feel less concerned and worried about the breach after it happens.

http://www.csoonline.com/article/451785/How_to_Minimize_the_Impact_of_a_Data_Breach?source=nlt_csoupdate

Read more