Cloud, Minturn & Associates, LLC
Serving A Select Clientele With Personalized Service Since 1986

Cyber Theft & Espionage


What every business needs to know about data breaches

The culprit is often someone close to your business. A surprisingly large proportion of data breaches are carried out by insiders (over half by some estimates) or by business partners. A trusted employee could be the culprit.

The perpetrator could live halfway around the globe. To vandalize your building, a criminal must be on-site. But a hacker can operate from anywhere in the world. Organized cyber crime rings operate worldwide 24/7.

Size doesn't matter. Half of all companies that suffer data breaches have fewer than 1,000 employees.

Any company can be hit. Cyber criminals don't care where they steal private information from: retailers, health care institutions, manufacturers, professional service providers, media and entertainment companies, and financial institutions are all likely to be targeted. 

A breach can result from a simple mistake. An employee might misplace a laptop, BlackBerry, or computer tapes, or leave these in an unsecured location, such as an unlocked car.

Cyber risk is steadily increasing. Data breaches affect hundreds of millions of records a year and reports of breaches continue to rise at a dramatic rate.


10 Steps To Help Protect Your Database

All units should have antivirus software (e.g., Norton or McAfee) installed and updated regularly. Run virus scans regularly.

All hard copy (paper) documentation should be shredded when not needed. Don't let employees make the decisions; shred it all. Services are available to come to your location and do it on

Change passwords frequently and use a combination of at least 8 letters, numerals, and symbols. Do not use names or words. There is software that can try 60,000 combinations per second to obtain your password.

If you use remote access software such as "GoToMyPC", reboot your office computer when not online.

Use a separate locked room for your server where service work is limited (no cleaning crew).

Disable USB ports and disc drives on stations when they are not needed. This will help cut down on internal theft by disgruntled

Minimize administrative privileges to only users who need them. Such users should use a separate unprivileged account for email and web browsing.

Install monitoring software on any unit that has access to the Internet (web browser and email). Contact Cloud, Minturn & Associates, LLC for additional information on this subject.

Create a tough employee handbook policy that each employee must sign. The policy must advise that there is monitoring software installed. Contact Cloud, Minturn & Associates, LLC for additional information on this subject.

Provide an "Internet cafe": dedicate a unit that is NOT connected to your network for Google searches, etc.

California S.B. 1386

The law became operative on July 1, 2003.

This personal information privacy law requires any organization (state agency, person or business) conducting business in California and processing personal information for California residents to disclose any information security breach to California residents whose unencrypted personal information was obtained by an unauthorized person.

Notifications can be delayed if law enforcement determines it could hinder a criminal investigation. S.B. 1386 will preempt all local regulation of this issue.

What is "personal information"?

"Personal information" includes a person's first name or first initial and last name in combination with any one of the following when at least one of the pieces of information is not encrypted:

Social security number

Driver's license number or California Identification Card number

Account number, credit or debit card number, in combination with any required security code, access code, or password that allows access to a financial account.

What constitutes a "breach of the system"?

A "breach of the security of the system" is unauthorized "acquisition" of personal information resulting from a security compromise in the organization's computer systems.

How must individuals be given "notice"?

Written notice

Electronic notice

Often overlooked is the potential loss of confidence in your organization by your customers and potential customers when a security breach occurs.