Rochester MI (PRWEB) March 05, 2013
A national staffing firm, seeking to comply with government procurement and HIPAA security requirements for contractors and business associates, engaged High Bit Security to perform penetration testing,and was surprised and disturbed by the results.
“The customer had a fire wall, and had taken numerous other steps they believed would make them secure,” said High Bit Security Chief Business Development Officer, Barbara Goushaw. “They engaged us to perform penetration testing (an external and internal IT security assessment of their network, web applications, workstations, servers, printers and wireless systems), in order to obtain the security documentation that clients required. They genuinely expected our testing would prove them to be secure. They were mortified when their report came back with multiple ways that their contractor personally identifiable information (PII) – including names, addresses, social security, drivers license, and health insurance numbers - could have been compromised by a hacker. ”
“Staffing firms/agencies are routinely targeted, given the significant amount of personal information that is contained on their systems,” said High Bit Security Chief Operations Officer, Adam Goslin. “Our 2012 Annual Report showed over 95% of businesses we tested had significant vulnerabilities, and almost all of these companies were running regular vulnerability scanning. There have been numerous recent reports of staffing agencies being hacked, then blackmailed by hackers to prevent public disclosure of the breach.”
“Upon receipt of our penetration testing report, the firms’ IT staff was able to begin immediately to fix the vulnerabilities identified,” said Goslin. “The report detailed what we found, where we found it, what it meant, and specifics on how to fix it. Within just a few days, they came back to us and said they were ready to re-test. Once all of the issues had been remediated and confirmed by High Bit Security certified penetration testers, we were able to provide them with a customer facing report, which did not detail the sensitive information about their environment, but did confirm the timing, high level scope and nature of penetration testing performed, along with the confirmations the client desired.”
“Performing this testing enabled them to include their security commitment in their sales presentation. They have since decided it is in their best interest (and that of their customers / contractors) to implement an annual penetration testing cycle in addition to their other security measures,” said Goushaw. “They no longer wait for clients to demand proof of security testing. Keeping client information secure is now part of their value proposition.”
The complete report of the vulnerabilities identified during this test can be reviewed on the High Bit Security case studies pages along with several other High Bit Security case studies, which anonymously provide details of the testing results of various types of engagements. “We will continue to update this section of the site, as many business owners / managers have no idea just how insecure their systems may be, and we hope our educational efforts take hold before the hackers visit one of our prospective customers,” concluded Goslin.
About High Bit Security:
High Bit Security is a national security services provider, providing penetration testing solutions to clients who need to protect sensitive data in industries such as Healthcare, Credit Card, Financial, or companies that otherwise store Intellectual Property or Personally Identifiable Information. High Bit Security also provides security consulting services to our clients to assist them with their compliance objectives across PCI-DSS, PA-DSS, HIPAA, SSAE-16 or simply wish to perform a security best practices audit of their organization. Contact High Bit Security today for a free consultation to take steps toward protecting your sensitive information. http://www.HighBitSecurity.com 800-757-3144