Hack…hack.. hack!! Sorry, I had a hairball! Sorry; I couldn’t resist the urge to mock felines, who actually cough things up. Or so I’m told. Today, we are talking about those nefarious hackers and cybercrime. With the recent hack of various Gmail accounts by cyber criminals, companies are again casting an eye at ways to ensure data security and circumvent the risks associated with cyber crime. Cyber attacks are particularly difficult for law enforcement because they occur anonymously over great distances and are often conducted by highly intelligent individuals who are skilled at covering their digital tracks. Sounds just like that band of kitties that I know is behind a string of recent bank robberies. If only I could find proof!
The disruption caused by a cyber attack presents businesses with more than just a minor annoyance. High-profile breaches, such as the recent attack on Sony’s PlayStation Network, caused significant losses, as thousands of insecure customers bugged out. Sony claimed to have lost more than $170 million as a result of the breach.
For some entities, such as utilities or defense contractors, cyber attacks cause disruptions which go far beyond the scope of financial loss. A recent survey of senior level IT professionals indicated that they hold cyber crime to be the most dangerous threat for their business, ranking above the fear of natural disasters.
Details of the Recent Gmail Account Hacks:
- Some of the hacked accounts belonged to senior U.S. Government officials, Chinese political activists, and journalists, prompting many to suspect that the Chinese government had something to do with the attack.
- The accounts were compromised through a phishing attack, which involves gaining access to an account by presenting the user with legitimate-looking but fraudulent emails or texts. (Many bank customers have been caught by phishing schemes where the crook will say he represents the client’s bank and needs user account information). Someone tried to trick me into giving them my Petco rewards number. No dice!
- The Gmail criminals used information from hacked email accounts to contact and infiltrate other user accounts, since people tend to trust messages sent from someone they know.
What Can Businesses Do to Better Safeguard Electronic Information?
The RJWestmore Online Training System encrypts all passwords to protect client data. Other ideas for safeguarding information include:
- Establish robust firewalls to prevent intrusions. For years, I thought you people literally built a wall of fire around the server room. I realize now I was mistaken.
- Conduct an internal employee survey to find out how many of your employees are using “1234” for their password. Prepare to be shocked by the results. (I use “bowzer27” for all of my passwords. Wait, is this going on the internet? Oops.) Require employees to follow set procedures for password creation and changing of passwords at regular intervals.
- A popular method for creating hack-resistant passwords is to think of a phrase such as “I love gravy covered pork chops.” Then, use the first letter of each word from the phrase to create a password: “ILGCPC.” Then, to mix it up further, add two or three memorable numbers and a symbol to the mix: IL$GC&PC@. Also, use different cases instead of all caps or lowercase letters: Il$gC&Pc&. A password this complicated will keep hackers at bay, since easily cracked “1234” passwords are easier targets of opportunity. (This is for the same reason thieves prefer to break into cars that have open windows and keys in the ignition rather than vehicles that are locked and armed with alarms.)
- Password reset software can be used following a breach to bring passwords back.
- Review outside vendors who have access to your data. Even if your company has state-of-the-art protection, it is worthless if one of your vendors operates in an open environment that can easily be hacked.
- Carefully guard client email lists and account numbers. The recent loss of email data by Epsilon cost the company millions of dollars, as customers canceled their credit cards after they discovered their data had been compromised. That’s why I’m old school; I only use cash or bones as currency.
- Run routine security updates on your computer system. But be careful not to click on screen messages from anyone other than the system you subscribe to. Make sure that your employees know they should do a hard reset (manual shut-down) if anything out of the ordinary appears on their computer screens. When I suspect a hacker, I simply growl at the computer and scare it away.
A breach not only costs time and money in the short term, but it can be detrimental to customer perception and trust. This is especially true of companies that hold customer data such as social security numbers or financial information. Virtual disasters should demand the same foresight and planning as natural large-scale events such as floods, fires and earthquakes.
When a disaster strikes, prior planning and clear decisive action can help save lives. For the latest emergency management training for facility/building managers, contact RJ Westmore, Inc. Our new Version 2.0 e-based training system offers the best emergency training system with automated and integrated features. Visit RJWestmore.com for more information and remember to BE SAFE.