Protecting your network from network intrusions is sometimes ignored. Security is an ever changing game and criminals “Black Hat Hackers” are always further ahead then the police “White Hat Hackers”.
As a Canadian company it is your duty to keep your customers information secure and your site audited to ensure your customers safety. SONY ignored this and had it’s 88 million users data compromised and shared all over the Internet.
Currently SONY’s insurance company advised it will be stepping away from ensuring their non physical goods as per their US class action suit.
Reading these articles from multiple sites really puts down the reality and perspective companies operating on the Internet or which have physical goods which connect to the Internet need to take.
Below are some simple changes I would highly recommend:
If your company is running their own web server, I would hire a third party company to assess your online security, this company will run a battery of penetration tools against your website and then certify the website for being safe. I recommend doing these audits at least every 2 quarters.
If you are using a shared hosting company I would contact them and ask them what is their regular security audit so you may add this to your “Privacy” for your website. It is to the company to ensure it’s customers security and in this case you are paying for a space on their physical web server.
Office Penetration Testing:
Hire a company which will come in as an employee and use the lowest security credentials to ensure your employee’s are not able to compromise your intellectual property. A good penetration tester will test for any Wireless openings, computer auto locking measures, un-protected files/folders etc..
Written by Michael@Hack3Rs