Page 48 - Cyber Warnings







Where does your information end up once you have provided some of your personal
information to a service?

This is not the responsibility of the customer but the responsibility of the companies that would
use the services of a startup or a well-established organization.

How do we address security in a cost-effective way that would protect everyone?

Below is a list of example tools that can be used at either zero cost or marginal
cost to protect customer privacy. There is


CIS provides security hardening guides for free
https://benchmarks.cisecurity.org/downloads/benchmarks/

AWS provides free AMIs that are hardened to CIS standards
https://aws.amazon.com/marketplace/pp/B00UVT5ZIW

AWS S3 encryption at rest
https://aws.amazon.com/blogs/aws/new-amazon-s3-server-side-encryption/

Insecure.org provides a number of the best-rated security tools that are available
http://sectools.org/

WAF for AWS
https://www.howtoforge.com/tutorial/install-nginx-with-mod_security-on-ubuntu-15-04/#-download-modsecurity-and-nginx

These are just examples of tools that can be used to secure software and infrastructure and meet
the technical controls. This leads to the question: why are there a number of investors out there
willing to invest in an organization that has not considered whether it has included security?

In fact, some startups get acquired, just like the bigger player, Yahoo!, only for the acquirer to
find out they’ve already been victimized by cyber crime – whether it be repeated ransomware
attacks or a complete data breach of all customer personally identifiable information (PII).

This leads either to shareholder lawsuits or to an incredible reduction in the final acquisition
payout.

Let's consider the impact of not protecting information: legal proceedings can lead to an
organization closing its doors, to further compensation to the injured parties, or to damage to the
organization's reputation.

What are some simple, cost-effective steps for building security into a new company?

1. Understand the sensitivity of the information you are handling

2. Understand the legal liability in the event of a data slip

3. Treat the information you receive as if it were your own

48 Cyber Warnings E-Magazine January 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
