Info System Security, Systems Russell Mickler Info System Security, Systems Russell Mickler

Big Company Encryption Makes Small Business Vulnerable

Information security doesn't have to be a big-dollar, low-return activity. Practical approaches can help the small business implement best practices to reduce their vulnerability and make them less of a target - comparatively - to larger businesses with bigger budgets.

Companies all across the web are responding to a multitude of security threats by encrypting the web. Energy and resources are being expended to do the better thing and make their systems as difficult as possible to compromise. This is a great thing.

However, the small business usually doesn't have the resources or know-how to tackle these kinds of complex technology problems. The little guys don't know about encryption, Open SSL vulnerabilities, two-factor identification, or risk assessment. That makes small business substantially more vulnerable to attack and compromise: their IT systems are easier to hit and exploit by comparison.

I'm spending a great deal of time this quarter talking security with my clients. I'm making a slew of recommendations to improve their defensive posture. It's the right thing to do. It'll help provide a reasonable deterrent and make them less vulnerable as low-hanging fruit. If you have concerns about the state of information security in your small business, give me a call. I'd be happy to talk about practical, low-cost approaches to address these problems.

Thanks!

Read More
Economy, Info System Security Russell Mickler Economy, Info System Security Russell Mickler

Small Business: Innovate or Attenuate

Are you a small business owner? Why are you doing the same thing, year after year? Why aren't you changing? Evolving? Innovating? Now's the time. There's no better time to think differently

So you're a small business owner?

Go ahead.  Keep doing the same thing.

Keep using the same business processes, the same hardware and software, the same approaches to your business game that you've been using for the last decade. Heck, maybe even before then.

Keep hiring the same kinds of people, execute the same strategy, depend on the same marketing techniques, and say the same thing about your product or service.

Keep doing the same thing because ... ? It's safe? It's what you've always done? You're afraid of alternatives? Consequences? Real and perceived risk? Losses? Embarrassment?

Keep doing the same thing because ... ? You believe the world is static - technology isn't reinventing your industry, consumer preferences aren't changing, and that the perceived value of your product or service doesn't continually wane in the eyes of your consumer?

Keep doing the same thing because ... ? You like consistency. You dislike change. You want to keep the cheese right where it is, thank you, and that makes you feel comfortable. Comfortable is preferable to disruption.

Keep doing the same thing and - in comparison to your competitors - your costs will increase, your margins will erode,  your perceived value will diminish, your market share will shrink, and you will be slow: you shall be the master of the wrong product, at the wrong place, at the wrong time. 

But maybe, in the end, you'll still feel good about it? If not, upswings in the economy are times to innovate. Do something different. Spend a little money to R&D - try new things, in new ways, to question your assumptions and think differently.  And a great place to start is with your business processes and systems automation. 

R

Read More
Strategy, Info System Security Russell Mickler Strategy, Info System Security Russell Mickler

Why Heartbleed is a Good Thing

Yeah, Heartbleed was pretty bad. But know what would be worse? Going on, assuming everything was okay. Exposed technical vulnerabilities gets us to question our assumptions and make sweeping improvements, improving all of our security.

Don't get me wrong: Heartbleed wasn't a shining moment in tech security and I'm not super-glad that the vulnerability occurred. Still, personally, I'm pretty happy when stuff like this hits the fan.

Well, I suppose I'm glad in a "question authority" kind-of-way. When a wide-ranging vulnerability like this is brought into the open, it gets us in the technology security field off of our butts to, one, provide a remedy to the most immediate problem, but two, question all of our assumptions.

Incidents like Heartbleed, Edward Snowden's NSA revelations, and the good work conducted by Wikileaks, gets technology professionals to look more carefully at our solutions. It forces us to think differently. These incidents also reveal certain threats that we may haven't foreseen. They also lead us down a path of hardening our all our technologies in short-order to curtail compromise. In all, situations like Heartbleed elevates all of our security postures. They make all of us safer.

Arguably, what wasn't safe was continuing to live in ignorance as Heartbleed was exploited, or, while the NSA was wiretapping private data centers without warrants, or, believing that corporations and governments always have our best interests in mind. Assuming everything is okay wasn't safe. Proving flaws and vulnerabilities - even if the outcomes are undesirable - is how we all get better.

Question authority. Further, question our assumptions. Learn, build awareness, and do better next time. That's what will improve cyber security.

Read More