by Salvatore Sparace\n\nOn July 9th The New York Times reported, \u201cChinese hackers in March were able to compromise the US Government\u2019s network that houses the Office of Personnel Management Database. They appeared to be targeting files on tens of thousands of applicants for security clearances.\u201d The report traveled quickly across the major news outlets with officials unable to comment on the extent of the act.\nCyber-attacks against our nation\u2019s government occur nearly on a daily basis. Since we are such a target, leaders have increased federal involvement in protecting the nation\u2019s privately-owned critical infrastructure. And in 2010, the Administration tasked the Department of Homeland Security to lead the federal government\u2019s efforts to secure its own computers. The journey revealed that some of the most alarming weaknesses were dangerously close to home.\nThe Federal Government\u2019s Track Record on Cybersecurity and Critical Infrastructure report released in February of 2014 stated, \u201cEleven servers checked by the Office of the Inspector General (OIG) last year had no password protections or default\/weak passwords, meaning an attacker could gain access to the systems, and could use them to attack other systems on the Department\u2019s network. One of the unprotected machines the OIG found was a payroll server, which was configured to allow remote access to anyone, without a username or password.\u201d Other vulnerabilities included numerous anti-virus software updates that had not yet been installed. This just goes to show that even the most sophisticated organizations need to stay vigilant when it comes to security.\nThe Ponemon Institute released its 2014 Cost of Data Breach: Global Analysis earlier this year in May. According to the findings, \u201cThroughout the world, companies are finding that data breaches have become as common as a cold but far more expensive to treat.\u201c\nThe report shows that most companies had to spend more on their investigations, notification, and response when their sensitive and confidential information was lost or stolen. As revealed in report, the average cost to a company was $3.5 million in US dollars and 15% more than what it cost last year. US companies had the highest costs at $195 per record. There was some good news: the research reveals that having business continuity management involved in the remediation of the breach can reduce the cost by an average of $8.98 per compromised record.\nWith the number of cyber threats increasing at an alarming rate, we encourage our customers to take a more active role in information security awareness. We reinforce the need for forming, as well as following, diligent security best practices. For example:\n\nRevisiting user training and awareness regularly\nUtilizing mechanisms for intrusion detection\/prevention systems\nNetwork traffic monitoring\nPeriodic log audits\nAdhering to compliancy guidelines when applicable\n\nIn addition, everyone should re-evaluate their own acceptable level of risk. Make sure you know the answers to questions such as \u201cWhat type of data is on my network?\u201d\u00a0\u201cWhat damage or loss could the organization suffer if it\u2019s compromised?\u201d \u201cWhat level of effort will be endorsed to protect data?\u201d\nOf course, the next evaluation is the costs associated with a loss, such as:\n\nConducting investigations\nOrganizing the incident response team\nPublic relations outreach\nAudit and consulting services\nLegal services\nLost customer business\nNew customer acquisition\n\nThe experts at PC Connection believe you can absolutely take measures to protect your organization and minimize risk. Even the most secure networks can be compromised. By taking a neutral or not participative stance in information security, an organization is almost assuredly going to run into serious pitfalls down the road. Better to be safe than sorry.