My 3 Top Security Strategies for 2012

In Justine Rivero’s latest article “Three New Ways to Protect Your Identity in 2012” she is absolutely correct that smartcards for secure payment is needed because it is better to use security upfront than rely on identity theft protection after the fact. But why stop at payment? Smartcards offer secure data access to medical records, corporate networks, online commerce sites, computer logons, applications, and anything else where user authentication is required.

Identity thieves and cyber criminals are not just after credit card numbers. All the recent news articles about attacks by “Anonymous”, “Chinese” and organized crime has shown that digital information theft that can be used to embarrass, blackmail, and spy on companies and governments is damaging this nation. If you want to start re-building America then start by securing your data. Don't wait for politicians to deliver solutions because they consistently prove they are part of the problem.

Ms. Rivero is also correct in citing that identity theft average out-of-pocket costs per victim is $631, but that is nothing compared to the average costs of $7.3M per incident that a company or organization has to pay. Plus, the damage to an individual’s personal information is still at risk no matter what protections the individual deploys.
Companies have to stop discussing cyber dangers and start deploying the following:

My 3 top security strategies for 2012:
1. Deploy smartcard technology to authenticate users prior to data access. For some organizations it may be the more complex and expensive PKI solution, others might need only a secure password manager and others may need both. Independent of the authentication technology, smartcards are the best defense on the market to add that barrier of protection.

2. Encrypt all laptop, computers and mobile media data storage devices. It seems that only a few years ago it would just have been a computer’s hard drive that one had to worry about. But not if information is stored on the cloud, laptop or USB drive. It all needs to be encrypted.

3. Don’t reach for the cloud until you know you can fly. Today there is so much hype about moving company information to a cloud based architecture. The rational is that the cloud reduces IT costs and makes access to data easier for all your employees. However, what is often not discussed is where the server farms are actually located, how secure these servers are, and that as more information is stored the more enticing it will be for cyber thieves to want to attack. In a recent un-scientific poll running on LinkedIn asking what is holding back cloud deployment, 53% say its security.

4. Bonus: Take time to educated your employees about security. It seems that the number one attack is still the phishing email with attached malware file that the employee innocently opens up that then takes down an entire company.
So in conclusion, IT security has to have many different barriers, safeguards and protection points. Anti-virus, firewalls, encrypted data, etc. is still needed but what is still overlooked is the deployment of multi-factor credentials that authenticate the user before they ever get past the firewall.