Pratum Blog

The year is 1995.  Viruses and Trojans are running rampant in computer networks.  They are being used to hack networks and create data breaches at an alarming rate.  Centralized anti-virus management consoles are providing technology and business leaders with a false sense of security.  While no outbreaks are being detected, systems are frequently out of date or not connecting with the console but nobody is watching those statistics.  Only outbreaks are monitored.

Fast forward 20 years.  The year is 2015.  Viruses and Trojans are running rampant in computer networks.  They are being used to hack networks and create data breaches at an alarming rate.  Centralized anti-virus…..you get the picture.  Not much has changed in 20 years.  I urge you to do a full audit of your current anti-malware strategy.  The last 3 data breaches we've investigated have had a malware component used to hack the victim. Each thought their anti-malware strategy was solid.  They were wrong.  Are you?

Information security is all about the technology right? Wrong. Oh, it’s all about the people right? Wrong. Well if not people and not technology, then what? I’ll give you a hint. The first two are part of the equation. The thing that is most often overlooked is process. People, Process and Technology. If you’re missing any of the three, your information security program is bound to fail.

If you’re missing the process component, you’re most likely missing the risk management functions which are critical to your business. Risk management is what ties information security people and technology to the business. Have you seen organizations throw money at security technology and still have massive breaches? Have you been in a department where it’s impossible to get funding for any security expenditures? Are you a CEO who’s having trouble finding value in the people and technology requests to address security? It is because proper risk management isn’t accomplished.

Risk management works to identify the risk to the business and then determine what blend of people, process and technology will mitigate that risk to an acceptable level using the most cost effective controls. It’s hard to do and even harder to teach. At the risk of sounding self-serving, this is where seasoned IT risk management professionals are worth their weight in gold. Helping tie business objectives and risk to security projects which will protect them properly takes a lot of skill and expertise. Many security professionals employed by companies today are technology first. They lack the business acumen to help their organization manage risk. Find someone who takes a risk first approach and your information security program will be far better off.

Nothing in this world is free. Everything has a cost. Parents, did you know that most of the “free” online apps your children use have actually been paid for with their privacy? Apps like Instagram and Facebook use a tracking identifier placed on their mobile device to identify your children and their behavior. This information is then provided to their “affiliates” to provide them with ads that are tailored to their preferences or what they assume their preferences are. All of this information is stored in consumer databases. They may even have given some apps the permission to read text messages or emails. The free Google Docs terms of use say they can index files stored in their services. That’s a lot of private information that’s not so private any more.

I don’t allow my children to use most of these online services but I’m not saying you shouldn’t let yours use them. I simply want you all to know that “free” isn’t really “free”. While there isn’t an immediate exchange of currency, there is an exchange of “goods” for “services provided”. You might want to take a look at the terms of use for some of these apps and determine if you want to trade your child’s privacy for their free use.

The information we track while users are on our websites helps us analyze site traffic, optimize site performance, improve our services, and identify new products and services of interest to our users. To learn more please see our Privacy Policy.