-
-
Check out our applications -
subscribe to RSS
Get email updates every time we post!
It’s the boring stuff that underpins your business
US broker-dealer Commonwealth Financial Network has been fined $100,000 for failing to insist its registered representatives maintain anti-virus software on their computers. The failure led to an intruder gaining access to the firm’s Intranet, accessing customer accounts and entering unauthorised purchase orders worth over $523,000.
According to an SEC cease and desist order – first published by ZDNet – an intruder used a computer virus in November 2008 to obtain the login credentials of a Commonwealth registered representative.
Some time later that month, the intruder used the login credentials to enter Commonwealth’s Intranet site and view information on how to execute trades.
An interesting article to read illustrating how a lack of process and technology has resulted in this company being fined by the SEC. It’s the boring stuff that really does matter and I know as a ‘server guy’ or dare I say it geek that matters and underpins your business. By the boring stuff we mean things like:
- Secure passwords which change regularly
- Service accounts which separate an application, an administrator and support team roles
- Screen savers with password locks
- Anti virus software that is patched, up to date and supported, that’s scanning what it needs to and is configured to your business
- Firmware/drivers and security patches which can affect the reliability of your system and prevent unexpected behaviour or security risks
- Secured shares with groups so we can manage from a top down approach
- Where possible applications which separate roles so we haven’t got central points of failure/exploit
It could happen to any business and I suspect that if you took a walk around any city there would be potential issues that could be identified on any system, with that in mind we need to cover the basics as best as we can, sign of the risk where the risk vs cost/business interests might be acceptable and do the due diligence part to provide an industrial strength, scalable and adaptable platform.
No related posts.
Related posts brought to you by Yet Another Related Posts Plugin.
Leave a Reply
Recent Posts
Categories
Recent Comments
- Data centers on Joining the cloud computing space
- Tom on BuildMyVirtual - our Self Service Virtualization Portal goes online for free download shortly
- scott Paradis on What's in a name - quite a lot you know
- martin237 on How to reboot the HP ILO/kick off a hung session
- Steve Khan on What's the ILO and how do I connect to it?
- Mahmoud Moataz on How to reboot the HP ILO/kick off a hung session
- ST2 on Virtual mobile handset please
- Allan on How to reboot the HP ILO/kick off a hung session
- Chris Rugh on Vendor engagement and real world opportunities
- Ray McLemore on HP Converged Infrastructure enhances trade capacity and execution
