Case Studies

Law Firm

Printing Company

Staffing Company

---

Resources

Spam Campaign Surfs Web on Your Behalf
The Sarbanes-Oxley Act 2002
HIPAA Health Information Privacy Standards
CSI Computer Security Institute
TrendIQ
Trend Micro Worry-Free
Microsoft Security Intelligence Report

Network Security
Planning & Management

Human

The network is as strong as its weakest link and the human element is the one that usually get neglected by most system integrators. Social Engineering, passphrase polices, internet usage policies are all examples of the human aspect that may lead to security breaches and cost your organization a lot of money. Some of the solutions will also need to be discussed with your lawyer, but many are common sense tactics.

Social engineering is the act of a hacker enticing someone on the inside of the company to divulge specific information. A lot of these social engineering scams come by the way of email, and fake websites, but they can also happen through a phone call or regular mail. The most effective way to thwart the social engineering security hole is to train your staff and have policies in place to minimize the transfer of data outside your network infrastructure.

There are several different policies that can help you battle against these security holes and the one that should be implemented first is an internet usage policy. This policy describes to the user what can and what cannot be done using the organization’s internet connection. It should also describe the consequences clearly as well. This policy should also contain a section about the usage of e-mail. It needs to define company email usage versus personal email usage as well as what content can be sent via email. These policies need to be reviewed by your lawyer before being put into place. This point is very important because your lawyer may need to defend these policies in a court of law.

Aperio can help with all of the above. Our information technology administrators have experience with various types of organizations and have been able to train and help write policies for them. We can supplement those policies with technical solutions that will allow us to limit the use of the internet as well as stop outgoing emails that contain sensitive organization data. There has been legislation passed that define some specific security measures. The Sarbanes-Oxley bill and HIPAA are the two most prominent pieces of legislation that organization need to adhere to.