Does Your Company Have the Same IT Security Lapses as the VA?

Data Breaches,TechR2 Blog

Does Your Company Have the Same IT Security Lapses as the VA?

Later this month, the inspector general of the U.S. Department of Veterans Affairs will release a security audit that identifies the IT weaknesses of non-classified government agencies, according to Data Breach Today. Surprisingly, the audit confirmed cyberthreats to the VA from both domestic and international hosts.

However, an expert quoted in the article noted that the same lapses uncovered at the VA are also prevalent in the private sector, and blamed a lack of education for failure to commit to basic security measures.

The audit investigated all systems at the VA and came up with a list of blatant deficiencies, a list that creates a good starting point for IT professionals and business owners to reference.

The weak points of the infrastructure are divided into four categories:

Configuration Controls
•Updates and patches to systems were not timely or routinely implemented across the board.
•Change and baseline controls were not holistically implemented.

Access Standards and Controls
•Passwords requirements and updates were not enforced across all systems.
•Inactive and expired user accounts were not removed from systems.
•Remote access was not stringent (multifactor).

Security Management
•Risk assessments were outdated.
•Documentation did not match the current infrastructure.
•Employees were not trained or investigated to match their security levels.

Contingency Controls
•Updates and patches to systems were not timely or routinely implemented across the board.
•Documentation did not match disaster recovery tests.
•Recovery procedures were not documented.
•Backup tapes were not encrypted before being transmitted remotely.

So what does this mean for your business?

Security and consistency is incredibly important for small businesses and enterprises alike.

From the VA agency audit, it is increasingly clear that holistic consistency and documentation are more vital than ever. Even the smallest lapse in action (missed documentation, failed encryption, improper data destruction) can lead to serious bottom line consequences. As was evidenced by the surprising results of this government audit, any entity can be the target of domestic or foreign attacks.

Keep your data safe!

[vc_row type=”grid” row_type=”section” bg_image_repeat=”repeat” padding_top=”24″ padding_bottom=”24″][vc_column dp_animation=””][vc_separator][/vc_column][/vc_row][vc_row type=”grid” video_bg=””][vc_column width=”1/2″ dp_animation=””][vc_widget_sidebar sidebar_id=”posts-footer-block-left”][/vc_column][vc_column width=”1/2″ dp_animation=””][vc_widget_sidebar sidebar_id=”posts-footer-block-right”][/vc_column][/vc_row]

Tags :
byod policy,certificate of destruction,certified data destruction,data breach,data center decomissioning,data destruction,data destruction services,electronics recycling,EPA R2,Gramm Leach Bliley,green report,HIPAA,HITECH,information security,ISO 27001,ISO certificate,IT asset disposal,IT asset disposition,it asset management,ITAD,mobile device security,mobile risk management,mobile security,PCI,R2 certified,retired IT assets,risk management strategies,sarbanes-oxley,security lapse
Share This :

Recent Posts