This is an overarching concern for all of us. Everything we do is done with security in mind. The environment has changed so much for the worse.
Once upon a time
When we started in IT, a username and password was usually sufficient. Most viruses were moved via floppy disk, so to be careful you got an anti-virus program. With the advent of the internet, we installed a firewall as a perimeter to keep out the bad guys. Hacking was usually like vandalism - damage to the computer so you could not use it. Remediation was often as simple as cleaning up the mess with anti-virus software or reinstalling Windows.
Current state of affairs
The stakes are much higher today because of what is stored. The hackers have monetized the game and are after identity documents that can be used to establish credit and access bank information. Another troubling trend is ransomware - software that encrypts all your files until you pay the hackers money. Organized crime and even countries are sponsoring such efforts. The media has an endless parade of stories of large businesses impacted. Small businesses are especially vulnerable because they do not have teams of people focused on network security.
Our security practice
We have come to the place where we have shifted our paradigm. We have scrapped as useless the concept that machines and users inside are trusted and those outside are untrusted. Yes, we still use anti-virus programs and firewalls. But our focus is more on:
- strong authentication - beyond username and password
- credential management - tracking all those passwords and who has them
- encryption - even if there is a leak, the jewels are secure
- credit information security - on a personal and company level, closing doors that don't need to be open
We would welcome the chance to discuss this further with you.