State Security Breach Notification Laws as of December 16, 2008 and the Conficker worm

March 29, 2009 at 11:38 am Brett A. Scudder 1 comment

This is from an email I sent out to my network distribution list today at 12 noon.

Good day to you,

This is a critical issue that has been highly overlooked and is a bigger problem than most people care to think. For those of us consultants who are responsible for our client’s infrastructure, please help them to understand where these laws apply and how it affects them. I’m bringing in someone from the attorney general’s office to do a presentation on this for us in the coming month. I’m trying to work with their schedule so stay tuned for the date of the meeting.

There are some serious new threats on the loose and the more I look at them is the easier i’m seeing the rate of success in their deliverables. Our organization speaks to these issues and we must understand what they mean for those we’re helping to understand. This new variant of the Conficker worm has some nasty new tricks to it and while following its development and path, i’m more convinced that this is a new level of sophistication way above the rogue Anti-Virus/Anti-Spyware 2008/2009 threat we encountered last year that is still being a major pain point for IT today. Whether this is an April fools days joke or not, as you can see, the financial ramifications of negligence will be heavy.

Get those system (OS, applications, devices) patches updated and current. Most people tend to patch the OS and leave vulnerable applications running with system access to the OS that even fully patched is still vulnerable. Patching is an all round process that applies to the OS, applications running on it and the devices being connected to it. Even the device drivers are a point of entry to a system today so patch them if needed. Check on those security policies and rules and ensure they are up and running. We have a few days before April 1^st so talk with your people about this and let them understand the need for being prudent about it.

Make no mistake people, this is a new age where technology rules and the threats are more real than ever before. This is not someone physically walking in and taking your data, this is someone sitting anywhere in the world and having access to it (if allowed).

I posted this on LinkedIn here http://www.linkedin.com/answers/using-linkedIn/ULI/447971-3071950 for a broader visibility from the business professional’s community. More feedback and input will be found there as well. Spread the word.

Thank you and have a great day,

~Brett A. Scudder~

State Security Breach Notification Laws

As of December 16, 2008

http://www.ncsl.org/programs/lis/cip/priv/breachlaws.htm