Yesterday I met with 24 business leaders in Chattanooga to talk about today’s security challenges for small business.
Thanks to NetGain and Silver Sky – now part of BEA – for sponsoring this event. Small business leaders need more education on how to secure their data. As we discussed yesterday, the more companies are compromised, the more government will impose expensive security regulations on them.
Unfortunately, compliance regulations are not always the best steps to take when it comes to securing data.
Take for instance the pen test. Many of the regulations out there call for pen testing – the thought is, if you can’t get through with an automated pen test, you’re okay. That’s not the case.
The Wall Street Journal published a great article on Social Engineering, Inc. yesterday – The Man Who Hacks Your Employees. Here’s just one simple example – Chris Hadnagy does a sort of pen testing for a living. Only, it’s not the kind HIPAA mandates. He uses social engineering to trick employees into giving over their credentials. It’s amazing how quickly people will give up passwords, and just about anything you ask for. All you have to do is sound like someone who should be calling, and ask. If you have access to the WSJ article above, it’s worth the read. Once he’s tricked them, he has their attention, and can provide meaningful input on what not to do in the future.
100% Sign Up...
NetGain did offer this group a complimentary assessment to check some of the issues I discussed.
They’ll be following up to help these business leaders understand what they should be considering for security as they look at cloud services, mobile devices, and move closer to the Digitization Megatrend we keep reading about. Every business leader saw the need for this – 100% of them signed up to see where they might be at risk! This is the first step in keeping data safe, and avoiding unnecessary bureaucracy.
© 2015, David Stelzl
P.S. In a few weeks I will be launching a new website dedicated to corporate security user awareness and helping executives and business leaders understand how they can start taking the right steps to secure their data.