What is the cost of not implementing security?

Last Monday I posted about busting some security myths. Well, as part of that post I mentioned that security could be considered in terms of the cost of not implementing it rather than the cost of implementation.

As much as anything else, implementing good security should be seen in the same light as purchasing a good insurance policy. It’s something you purchase and hope that you never need to use.

What would losing corporate data mean to you?

This is something that you yourself need to determine based on the information you keep and how sensitive it is. A knitting store losing a list of the types of yarn they keep in stock is likely to be less damaging than a bank losing a list of Fortune 500 CEOs’ personal details.

Even if you don’t count Fortune 500 CEOs among your customers, that does not absolve you from privacy legislation, which requires you to store sensitive data in accordance with best practice.

What are the ramifications of a data leak?

For that, you need only ask Sony or Apple about the ramifications of leaking sensitive data. Sony has been dealing with both a PR nightmare and a major class action. Right now Apple is still rebuilding one of their portals. This morning I received another apology email from Apple advising me that they are still cleaning up the technical mess left behind. This is a full week after the successful hack. Even if you are not the size of Sony or Apple, the same risks still apply.

Who would want my corporate information?

Regardless of your company’s size, there are people out there who would love to get a sneak peek at your sensitive data. From your competitors to investors to hackers causing mischief, there is no shortage of people who would love to see your books, your customer lists, your current and future orders.

Surely all developers have security on the forefront of their minds?

Actually, you’d be surprised how often security is only bolted onto a system as an afterthought. The problem with this approach is that a system often “feels” secure, but the reality is that retroactively fitting security into a system leaves massive scope for weaknesses which can be exploited by a hacker.

What should I do to protect my corporate data?

The answer to that is simple: treat database security in the same vein as you would your business insurance. Think not about the cost of implementing it, but rather the cost of not having it, much as you would when evaluating your insurance. Furthermore, as with insurance, cheaper is not necessarily better.

Make sure that prior to signing on the dotted line, or clicking “I Agree” on a website’s sign-up page, you understand the security implications of using that service. If you are unsure yourself, ask for professional advice. As with insurance advisers, asking an IT security expert prior to committing to a product can save a lot of heartache down the road.

