Top Mistakes That Leave SMBs Vulnerable
Even the smallest of businesses can generate a huge volume of emails, payment information and other data that must be protected

Today even the smallest of businesses can generate a huge volume of emails, payment information and other data that must be protected. Medical practices, credit unions and independent retailers all face HIPAA, PCI and other standards. With so many regulations and limited budgets, how can small businesses keep up? Here are the top security mistakes that leave SMBs vulnerable to breaches and compliance audits.

Ignoring Blind Spots
In small businesses, technical expertise is generally not deep - rather, the folks in charge of protecting data are often performing other job functions in the company. If your staff lacks expertise in a given area, it is important to invest in a regular health check with subject matter experts to ensure each solution you have in place continues to remain optimally configured, and operating at peak performance.

Thinking Your Size Makes You Immune
Many small companies believe their size means they are immune to break-ins, stolen IP or other issues, or they feel only bigger organizations will be targeted. This leads to a piecemeal security portfolio being put together with cheap point solutions, freeware and no way to consolidate the information. Don't think it won't happen to you - always take precautions and take threats seriously.

Not Checking Your Work
Just as a writer's work is reviewed by an editor, your work may benefit from a second perspective. In one instance, an administrator at an oil and gas company manually input a policy that included a typo. This left a huge hole, which was open and susceptible to attack. Having your work reviewed by a second set of eyes, be it a colleague or a consultant, can help avoid simple errors and protect your business.

Viewing Compliance as a "Checkbox"
HIPAA, PCI, FISMA and others are not just points to cross off your list. To get out ahead of audit findings, implement industry best practices such as CIS, SANS or even MS Hardening Guidelines. Nothing ruins your week like tracking down lost data or tracking down a root cause, so embrace a security mindset and view it as a responsibility, not a chore.

Not Enforcing an Employee Security Policy
Few small businesses enforce security policies on their employees. In any business, employees are likely storing customer data, whether they are aware of it or not. A stolen laptop, lost smartphone or even a prying eye can lead to the wrong people obtaining your IP or customer data without your knowledge. Create a policy if you do not have one currently, and enforce it on all employees.

Ignoring Staff Education
Whether your staff comes to you with a strong security background or is forced to "learn on the fly," a lack of training can lead to avoidable incidents. No matter their prior knowledge, make sure your IT staff receives training about the products they work with and provide time and financial resources to help keep them up to date. Personnel training can provide a large ROI, and helps avoid incidents that could damage your business and reputation.

Using the Same Passwords Again and Again
Every company, small or large, should strive to have some guidelines and standard operating procedures around the use (and re-use) of passwords. To mitigate the risk of successful password guessing and cracking in their environment, employees should be aware of the issues that may stem from the use and reuse of weak passwords. Put a password manager such as LastPass, KeePass, or RoboForm in place to generate random passwords for each new account that is created and to keep track of them. Change passwords for critical resources every 90-180 days, and enforce rules of complexity such as a minimum number of characters and alphanumeric rules.

Letting Anyone on Your Network
Clients, vendors and other visitors may request access, but allowing non-secured personal or third-party computers to connect to your LAN can be a big mistake. Make sure any and every computer on your network is secure; you never know if a client's laptop is carrying a virus.

About Sarah Isaacs
An expert in antivirus theory and technology, Sarah (Merrion) Isaacs serves as Conventus’ Chief Executive Officer as well as the company’s Chief Operations Officer. She co-founded Conventus in 2006 after working as a Technical Manager for the central region at Symantec where she consulted on the implementation of antivirus and client security technology products for numerous corporate and government enterprises. In this role, she was an invaluable resource for 17 traveling and on-site consultants — providing guidance and professional development opportunities. Prior to this role, she served as a Principal Security Consultant at Symantec.
