IT Security Questions and Answers

Visit our other FAQ pages to find questions and answers related to HIPAA Compliance and PCI Standards or find definitions for common terms in the Loricca Lexicon.

If you do not see your question answered below, use the form below to submit your question.

Data Security, Breach and Incident Response

“Since we could never keep up with new, creative cyber threats, aren’t we better to wait to deal with an incident if it ever happens to us?”

Many businesses and consumers alike are suffering from what has been called “data breach fatigue.” The constant news of new attack tactics and large, well protected companies falling victim to cyber crime can be disheartening. While no amount of security focus or spending can guarantee your company will never face a breach or attack, basic best practices can protect you from many threats. Neglecting to take all the security precautions that you can only multiplies your risk level unnecessarily. There’s no sense in inviting trouble.

“My company is not a large entity like Target or John Hopkins, would we really be a target for hackers?”

The National Cyber Security Alliance estimates that one in five small businesses will be a victim of cyber crime this year.  Despite this reality, surveys reveal a dangerous lack of concern among small business owners about their own security and a widespread failure to plan and to implement policies to protect their systems and critical data. While it may seem that your risk of attack is lower than the larger companies this is not supported statistically. Furthermore, when a small business suffers a breach or cyber attack, it is much more likely to be catastrophic for the business.

“How do hackers gain access to my network or data?”

A 2012 survey reported by CIO Magazine (2012 Global State of Information Security Survey) showed nearly equal responses (10%-18% each) for exploitation of data, mobile devices, applications, systems, networks, and humans (social engineering). Many companies go to great lengths to secure networks but fail to address the simpler threats. This is a lot like locking the front door but leaving all the windows open.

“Is Cloud computing safe for my business?”

Cloud computing is not new. It is now a widely accepted solution for most businesses. But the question still remains – it is safe? While the answer is different from one company to the next, and the types of cloud services or tools used will vary by industry and by company, with appropriate safeguards in place, cloud computing can be a very secure, economical, and practical solution for most businesses.

“How can my employees safely access the company network remotely and/or using their own personal devices?” 

Remote access can be great for productivity, work-life balance, and employee satisfaction but it does not come without risks.  These risks can be mitigated, however, with proper employee training and technical safeguards in place, your company can provide your employees a degree of flexibility. For more, check out this article.

Business Continuity and Disaster Recovery

“Does my company need a Business Continuity Plan?”

Every Business Continuity Plan is different but the answer for virtually every business is, yes, you need a BCP. Smaller, more agile companies may think their need for a formal plan is less than that of a larger corporation. While the plan may not need to be as extensive, smaller companies should realize the risk from an event impacting business operations could be more severe and they may be less able than larger companies to recover without having a good plan in place ahead of time.

“What is the different between a Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP)?”

In general, a BCP speaks to the recovery of normal operations for the entire company. This would take into consideration factors such as physical asset recovery, getting employees to the work site during a disaster or event, safety considerations, absorbing and covering financial losses from down time, public relations issues, and so much more.

A DRP is more often the term used for the IT Department’s contingency plan in the event of a disaster, cyberattack, outage, or anything that could impact the normal operation of the network or systems that employees need.

Security Awareness and Employee Training

“What does a “strong” password look like?”

A combination of upper/lower case letters, symbols, and numbers, but not a word found in the dictionary or connected to the user personally (names, dates, places). At least 12 characters long. Idea: take the first letter of each word in a sentence that is easy for you to remember. Use long password phrases, rather than single words or hard to remember combinations of characters.

IT Security & Compliance Questions AnsweredDo you have an IT Security question we have not answered?

Your question may be answered under HIPAA Compliance or PCI Standards.  Key terms are also defined in the Loricca Lexicon. If you have a question we have not answered here, please let us know.

Share your question and Loricca’s IT Security and Compliance experts will be happy to answer it. E-mail your question. We will do our best to have the answer for you within one business day.