Tuesday 5 July 2011

Client Information Security – Beyond the Data

Rhetorical Questions:

  • How many of us that work with SBS/SMB have the _same_ domain administrator’s name and password across all of our client’s deployments?
  • How many of us use the same or similar password for Web based services?
  • How many of us use a password vault of some sort for all usernames and passwords thus providing a single point of entry to the treasure beyond?

If we are compromised in any way and any of the above holds true, our business could be dead in the water.

We have made many mistakes over the years, some very much in line with the above. As we have grown to understand the implications of our responsibility for our client’s data and its security we have taken many steps to tighten things up on our end.

Fellow MVP Dana Epp of Scorpion Software has started a series called Beyond The Data to help us understand the scope of our information security related responsibilities.

Since we wear many hats for our SMB/SBS clients, we need to be conscious of all of the attack vectors against our clients _including our own businesses holding their domain admin usernames and passwords_.

Watching Dana’s videos will be one very informative way on broadening our knowledge and experience and thus help us to tighten up our own security practices:

Microsoft MVP Dana Epp discusses information security and management.

Philip Elder
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

No comments: