Posts Tagged ‘Risk Intelligence’

National Cyber Security Awareness Month

Posted on: October 28th, 2017 by jiml

October was National Cyber Security Awareness Month. Here at Colden Company we are trying to do our part to raise awareness through webinars, social media posts, and other communications. We often say here at Colden Company “If you are running your business the same way you were three or four years ago, you are not staying the same, you are falling behind.” This saying was originally intended to apply to technology because technology is continually advancing; if your business is not taking advantage of it, your competition likely is. The saying is also particularly appropriate for data security. The threats facing your business are not staying the same; they have increased in both number and complexity over the years. We do not think anyone reading this would disagree with that point. In conjunction, your defenses should also be improving to combat the increasing threats. If you are using the same defenses you were three or four years ago, you are not staying the same, you are falling behind the data security curve and, most importantly, exposing your business to more risk.

Raising awareness of cyber security concerns is a worthwhile exercise. However, it seems like we are running the risk of desensitizing people to the risk through the continual bombardment of this breach and that vulnerability on the nightly news. Not all vulnerabilities are equal in size and scale, and some judgment needs to be used to inform the public of the risks. Having said that, the risks are real. Cyber criminals have, unfortunately, been wildly successful with certain hacking campaigns like ransomware, which has lined their pockets with millions of dollars (and in some cases tens of millions) that they are using to perfect their craft. Hacking is a business and it is big business – make no mistake about it.

As a business, you may read about the latest breach and think to yourself “Here we go again. I can’t stop it so why worry about it.” We understand that sentiment. The question we would pose is “If you could stop a data breach at your business, would you?”. It’s true that there are many different threat vectors that hackers can use to attack your business. Why not spend time and effort blocking the most common ones? There are things you can do without breaking the bank to further protect your business. Incremental improvement may just save the day and prevent a breach.

When a hacker probes your business for a vulnerability and your business is protected from it, do you know? In most cases, the answer is no. Hackers use sophisticated programs to probe networks and attack the ones that are vulnerable and leave the ones that are not. This makes return on investment (ROI) for security much more difficult to prove. How do you show ROI on something that did not occur? We can only do so by citing the costs of breaches that have occurred.

Hacking attempts and breach attempts happen on a much more regular basis than you may believe. It is almost a certainty that your business was targeted at some point in the last year. The frequency with which this type of activity occurs would surprise most. We see more of this because it is our business to protect our customers’ critical data and we have tools in place to monitor and report on certain types of attacks. Unfortunately, the businesses with the best security measures in place are often the ones that had a security breach or some type of security scare. It is analogous to buying the home security system after the break-in; you don’t want to go through that experience again, so you prepare.

So, in closing, I ask you to do this. Tomorrow morning when you wake up, pretend you just got a phone call from a staff member who told you there has been a data breach at your business and data has been compromised or lost. What would you do? How would you feel? If you would like to avoid that feeling, take the time to improve your data security to keep pace with the increasing threats. After all, if you are staying the same, you are falling behind.

Give our certified security experts at Colden Company a call at (888) 600-4560 or email us, or visit us on Facebook or Twitter.

The Risk with Data Breaches

Posted on: December 27th, 2016 by jiml

Does your company store private information such as credit card numbers, social security numbers, or health information? Are you sure? Data breaches where this type of information is exposed can cost your business money. A quick scan of the newspaper headlines on any given day will often turn up a breach and subsequent fine, whether it be Morgan Stanley’s $1 million fine or AT&T’s $25 million fine. There are plenty of high-profile examples. Beyond the headlines, many smaller businesses are finding themselves subject to data breaches and fines. These fines may not reach the millions of dollars as in the cases mentioned above but can be just as impactful – if not more impactful – as small businesses might not have the same type of financial cushion that big companies have.

Breaches, especially preventable breaches, that result in the exposure of private data will result in a fine. Businesses have a legal responsibility to report breaches that expose individuals’ private data. That responsibility varies from state to state. At Colden Company, we work with businesses large and small to assess that risk. We have specialized technology that can proactively scan your data resources for the type of protected data that, if breached, would result in a fine. We have worked with many small businesses that have told us “no, we do not store that type of data.” A quick search of the HR person’s computer often proves otherwise.

The question we are often asked is “what steps do we need to take to prevent getting fined?” Good question. Legal documents are often vague, stating that businesses must take reasonable precautions. What constitutes reasonable? And if you are breached, it is very easy for the state to say your defenses were obviously not reasonable enough or you would not have been hacked! A leading non-profit security organization, SANS Institute, has compiled a list of twenty recommended security steps that businesses can take. If you would like a copy of this list, please email us at

There is a balance between usability of your systems and security of your systems. Given the nature of the threats that exist, we are advocating for a tip of the scales in favor of more security. The measures your business was taking two or three years ago may not be sufficient to protect your business from today’s threats. Add on to this the increasing likelihood that a breach can result in fines, lost data, and lost customer confidence and this should prompt your business to take a second look at its security practices.

Studies have shown that preventative maintenance is far less costly than reactive spending after a breach. The scanning technology we spoke of above is just the type of preventative measure that can protect your business. This type of scan is extremely valuable as it can point you right to where your vulnerabilities are – vulnerabilities you might not know you have. Contact us today at (888) 600-4560, email us, or visit us on Facebook or Twitter to schedule your scan.