Who is guarding your wall?

You may have skimmed the story earlier this month that talked about Chinese espionage gangs hacking into government computers.  Among other things, they obtained reports on Indian missile systems, the travel plans of NATO forces, and a year’s worth of the Dalai Lama’s personal email.

We’re not the government, you may have thought. Our data isn’t important enough to steal.

Think again.

  • Got customers?  Take credit cards?  Your data is worth stealing.
  • Got patients?  Keep track of their medical records?  Your data is worth stealing.
  • Got clients?  Keep files related to litigation, transactions, other legal matters?  You’re a target.
  • Got employees?  Keep their social security numbers?  Definitely worth stealing.

You are as secure as your weakest link.  And take heed, your weakest link will be exploited.

The Chinese built the Great Wall to protect themselves from their enemies: Huns, Mongols, Turkic peoples, and other nomadic tribes.  But, as Genghis Khan said, “The strength of walls depends on the courage of those who guard them.” He and his Mongol hordes bribed a Chinese official to open the Great Wall forts.  Thus the Mongols conquered China.

The Great Wall offered no security to the Chinese when invaders identified vulnerabilities and exploited them. All it took was a simple payoff. How confident are you that your information security can’t be breached?

If you said 100% confident, you’re fooling yourself, and you may be seriously at risk. I recently wrote about seven “tales of woe” that happened at companies. (Pay particular attention to items 3, 4 and 5.) Trust me, every industry is vulnerable. And the risks to your clients, your reputation, and your wallet increase every day.

If you haven’t had an independent information security assessment in the past twelve months, the Mongols may be about to exploit your weakest link.


Jorge Rey, CISA, CISM, is a Cybersecurity & Compliance Principal at Kaufman Rossin, one of the Top 100 CPA and advisory firms in the U.S.

  1. Louis Rosas-Guyon says:

    I tell all my clients that the best defense is a layered defense. Strong passwords alone aren’t enough if they never change. State of the art internet firewalls aren’t enough if they aren’t monitored and maintained.

    Anti-virus, anti-spyware and anti-rootkit technologies are also additional layers. Educating employees in common sense security standards is too. Plus an annual security audit never hurts.

    The sad truth is there is nothing that will stop a dedicated, competent thief. The best you can do is throw up so many impediments that he gives up and goes looking for an easier target. A layered defense will go a long way to helping you protect yourself, your clients and your data.
