Your website may need a makeover, better functionality,
stronger branding or improved technology to deliver
the experience your users expect.
With CNP Integrations as your partner you can have
the confidence to do more while maximizing your time
and minimizing your costs. Our roadmap to success
will ensure you have the security and competence to
move forward with your priorities and objectives while
respecting your budget and timeline.
Email: [email protected]
Postal Address: 385 Columbia St., Fall River, MA 02721
In a post Edward Snowden era it is no secret that all of our communications are being monitored and assimilated in a vast collection of “big data”. Often this data is then fed into predictive software and advanced calculators to determine predictive behaviors and associations with other data or data sources.
This information you do not always agree to share is then kept permanently and stored in big facilities around the world such as NASA’s Utah Data Center is, over 1.5 million square feet and four stories tall shown above. While this is not always made publicly available, every system can be penetrated and most likely will be at some point in the future. NASA is not the only collectors of "Big Data" there are many large copmpanies dedicated to coolecting and processing. In fact many have contracts with the government to supply data for ay number of purposes.
Some data we freely give out such as that which we post to google, facebook, instagram, twitter, bing and many others collect through using their online tools, email systems and search engines.
While we often chose the convenience, proliferation and usability of the many new cloud based tools there is a trade off.
Here are a few tools you could use to protect your privacy while interacting online:
One of my favorite site for showing how prevalent cyber attacks are and note who is attacking or being attacked is to visit the Norse interactive real time threat map. http://map.ipviking.com
If you watch this long enough you can get a pretty good visualization of the threat landscape. Keep in mind this only show where the illicit traffic is going to or coming from. It does not show if these were successful or the results from potential penetration. Important though is that the traffic is significant and the odds are very much against you that somewhere along the line someone will eventually find a way in to your site or IT infrastructure.
The key here is to take as many proactive measures as possible to protect and fortify your systems.
Step one: Regardless of where you are in your organization learn about the various kinds of threats and how they could potentially impact your organization.
Step two: Identify the best tools and talent for protecting your assets and reducing risk if an attack on you is successful.
Step three: Have a recovery and response plan. Make sure there is a clear authorization, communication and accountability plan for resolving incidents effectively and efficiently. Remember most often a response will be required in the least convenient times for you and your response team.
Step four: Have a clear follow up plan so you can implement proactive preventative measures in the future and have documentation of lessons learned.
It is imperative if you are a business owner or manager that you you remain involved in the strategic planning and prioritization of security in your business plan. However, most often you are busy running your business and supporting your customers. This means you just need your site to run smooth and have someone looking after and monitoring the state and condition of your web site and IT infrastructure. This is where a carefully matched service provider can assist you in getting the best protection and response plan in place. They can monitor and help you maintain your online assets to protect from costly downtime, intrusion liability, potential public embarrassment or interruption of service to your customers.
In conclusion I would highly recommend that you take the time to carefully craft a security response plan and hire a professional team to help protect and maintain your online programs. Like they say it is always quietist before the storm so it is better to plan ahead vs having to figure this out in response to a crisis.
Joomla is standing tall as the most secure open source platform and the community continues their proactive response to keeping this a priority. Today Joomla released an important security patch and all Joomla users should immediately upgrade. This is a security release for the 3.x series of Joomla which addresses a critical security vulnerability. All of us here at CNP and throughout the Joomla community recommend that you update your sites immediately. This release only contains the security fixes; no other changes have been made compared to the Joomla 3.4.4 release.
What's in 3.4.5
Version 3.4.5 is released to address three reported security vulnerabilities and includes additional security hardening of the UploadShield system.
Security Issues Fixed
High Priority - Core - SQL Injection (affecting Joomla 3.2 through 3.4.4) More information »
Medium Priority - Core - ACL Violations (affecting Joomla 3.2 through 3.4.4) More information »
Medium Priority - Core - ACL Violations (affecting Joomla 3.0 through 3.4.4) More information »
The impact of cyber crime is by far the most significant this year and could surpass a combination of years past. Since privacy laws have laxed in recent years and emerging technologies are putting more power in the hands of mischievous hackers or criminals the challenge of protecting from cyber crime has also increased multi fold. If you think about it a “hacker” (generic sense because not all hackers are back guys) wants to get into your web site or IT infrastructure they often only need to find one vulnerability out of a huge well known and very available “catalog” of vulnerabilities and techniques. In contrast you as a protection agent need to protect from all known vulnerabilities as well as perhaps some yet to be discovered. In addition you need to have a data recovery and risk management strategy even if you have a small web site or infrastructure.
You might think “ I have a small website with no sensitive information” why would anyone want to hack me. Well you are perhaps one of the best candidates for a thrifty hacker since it could be easy to get in and stay stealth in your site without you even knowing they are there. Kind of like a perfect hiding place for them to launch attacks or host files used in what are called phishing schemes. For example they can have a replicat of a banking site with login fields directing username and password emailing after a long path of encryption and passing back and forther over to their email. They would send out scary emails telling you your back account is in jeopardy and that they need you to immediately log in to verify and update their account information.
So with that in mind if you are online you have the same responsibilities and liabilities as much larger organizations with significant IT budgets. The troubling and not so talked about fact is that the ultimate liability will fall on the origination of the hack. So in the Phishing example above as the owner of the site where the hacker breached or collected the information used for illicit purposes, you would ultimately be the one liable. In addition your accounts would be suspended and you could have all of your online content seized or prohibited access to it. Remember those long hosting agreements and terms of service contracts you never read but eagerly in haste agree to? Well most often this is where the hosting companies push the responsibilities on to you. This is in part why you are getting your hosting space in many cases for so cheap since the cost is not in the hardware and disk space they allocate you but in the administration and threat prevention systems the hosting companies need to employ. They pass the potential liabilities on to their customers to avoid potentially extensive legal and administrative costs. It is also often not an area they have under their control since ultimately you are the one responsible for keeping your site secure and up to date.
The conclusion here is that regardless of how big your site is you need to make sure you are paying attention to the security aspects of your environment. Most of the time this means to have a professional team behind you and making sure you keep your online environment current and up to date. While there is no such thing as a guarantee when it comes to security having a dedicated team available to advise, monitor and ready to respond when an incident arises could protect you from serious liability and significant costs.