Russian Military hackers, cyber warfare…. Unstoppable forces of cyber espionage at play. Or was it so unstoppable?
When I hear of “hacking,” I envision a room full of fast-typing millennials yelling “I’m past the first firewall…”, dramatic music, more fast typing, “OK, I am in.” It seems the Russian hackers had an easier time getting into the systems of their targets. The Russians went phishing!
Did you know that the Russian “hack” of the Clinton Campaign resulted from the Campaign Chairman, John Podesta, opening a phishing email posing as an email from Google telling him he had to click a link and change his password? You can read the details of how it went down in this story from CBS News.
The bottom line is, while security protocols were initially followed, there was a breakdown in the staff response and 40,000 emails were stolen.
Has this ever happened to you? What were the consequences and lessons?
Cyber Security tips
- Be proactive and take steps to reduce the chances that your personal or company systems will be exposed to hacking and email phishing schemes.
- Develop and enforce a strong password policy with a mix of letters, numbers, and symbols that are frequently changed. One of the easiest ways for cyber criminals to access a business’ assets is by walking through the virtual “open door” that employees provide when using weak passwords. To correct that situation, it’s a good idea for businesses to establish a written password policy requiring strong passwords (e.g., a mix of letters, numbers and symbols) that are frequently changed. Passwords should also be changed automatically or accounts marked inactive when employees leave the company.
- Train your staff on cyber security. Conduct regular training for employees about how to be cyber aware. Owners should inform employees of the role they play in preventing a cyber breach. It’s all too easy for malicious software to hitch a ride into the company server when company laptops or other devices are used off-site and later connected to the internal network. The best way to establish positive and secure habits within your company’s workforce is with regularly scheduled training and education.
- You should also restrict access to sensitive information by allowing access only to management or those who require that information for company operations.
- Update IT equipment and deploy security software. Even basic security offerings feature similar technology to those used by major companies. Outdated operating systems and computers can be a risk because they are vulnerable to more sophisticated hacking techniques and newer forms of malware. At the same time, it’s important for SMEs to monitor those who have legitimate access to their computer network, as well as to monitor the network itself. Although small businesses do not typically have information security experts within their organization, they can access basic downloadable software offerings that deploy some of the same technology solutions used by major companies within minutes.
- Create a Cyber Incident Response Plan. A dedicated and prepared team of cyber responders consisting of both employees and outside service providers can work toward a resolution for certain cyber incidents more quickly.
- Purchase Cyber Insurance. In addition to the above steps, businesses can more fully cover their assets and cash flow by purchasing cyber insurance. The cost of insurance will almost always be far less than the cost of shutting down a business in the wake of one or more cyber attacks. And cyber insurance, such packaged with some of the services mentioned above.