Hacking the Cloud and other Cyber Attack Lessons
What do nude photographs of Hollywood stars have to do with information security in the workplace? Everything, really.
When hackers recently accessed private photographs of Jennifer Lawrence and other celebrities, the incident helped to put the spotlight on the enormity of the computer hacking problem.
Past the halfway point in 2014, there have been more than 100 large cyber attacks – which is double the number that occurred during all of 2013, according to threat protection solutions company Arbor Networks. The company monitors cyber attack traffic and threats around the world.
Cyber criminals target computer information systems, networks, and personal computer devices in various ways ranging from simply installing spyware onto PCs to compromising entire computer infrastructures. Then, attackers use the private information they have stolen to commit identity theft and other related criminal activities or they sell it on the black market.
Some of the high profile security breach incidents this year include:
1.3 million Montana Health Department patient records containing Social Security numbers, insurance information, etc. compromised;
4.5 million Community Health Systems patients' information hacked;
Thousands of P.F. Chang chain restaurant goers' credit and debit card information breached;
While many data breach incidents of varying sizes and in industries across the board likely still go unreported, the importance of committing to total information security in the workplace has never been so critical.
Here are some important steps every business should take:
Create a culture of total security. An organization’s security strategies, policies, procedures, and overall security form the foundation of a company’s culture of security. Security policies should comply with national identity theft and privacy laws.
Utilize the most up-to-date IT tools such as encryption, anti-virus protection, two-factor authentication, and restricted levels of access. According to the Verizon 2014 Data Breach Investigations Report, attackers are mainly going for payment and bank data. Hacking and malware are the most popular attack methods.
Identify potential risks that may threaten the security of the organization’s confidential information – and find solutions. Here is a free online security risk assessment.
Focus on employees as the first line of defense. The Verizon report recommends training staff in secure document management and destruction. Training should be on-going and provide practical information.
Improve physical security too. Not all data thefts happen online – in fact, 49% of miscellaneous errors in the Verizon report involved printed documents. Introduce a Clean Desk policy, and partner with a document shredding company that provides locked containers for office paper and secure on or off site shredding services that utilize cross cut shredder technology. Implement a shred-all policy, making sure all paper documents and hard drives and other e-media are securely destroyed when they are no longer needed.
In this age of increased hacking and security threats, find out the role that secure document management and disposal plays in crisis prevention and planning.