Ashley Madison: Could It Happen To You? Part 2
So how would I protect my company and my employees?
Thankfully, there are several ways to protect your data and make sure your employees are not affected by hacks. Some of them are so easy, you don’t have to be a techie to implement them.
Educate your employees on smart Internet behaviour
You would be surprised how many hacks start because employees compromise the company’s network security.
But before you start blaming people, understand that most employees are not deliberately ruining company security.
It’s like losing company money. Very few employees are actively trying to make their company lose money, but money might still be lost by not winning contracts or clients (neither of which an employee could completely control in the first place).
All that’s needed is a short reflection session and improvement for the next time.
Employees usually compromise company security by:
- Going to unsafe websites
- Providing personal information where it’s unnecessary
- Clicking on pop-up ads
- Downloading suspicious files
- Clicking on attention-grabbing links
- Running unknown/untrusted programs on the computer
- Dealing with files from unknown sources
By doing any of the above, an employee gives hackers the opportunity to put viruses onto a computer, which then find the information necessary for data infiltration or give hackers the information to build their own company account and hack from there.
To you as the CEO/Managing Director, these might seem like extremely silly actions, but Chinese hackers were able to hack into US companies because there was at least one employee who would “click on anything they received”, so this is more of a threat than you might realize.
It never hurts to have your employees run through a crash course on smart Internet behaviour, create company Internet policies and even block certain websites.
The more you can educate employees on what can hurt the company (and thus put their job at risk), the fewer employee-related security problems occur.
Get a good IT department to build your IT infrastructure and maintain it
This might sound like a shameless advertisement because this is written by a Managed Services Provider, but there’s a reason for this.
You want your infrastructure built so it is stable, secure and does its job well.
A bad IT department will put it together, but they’re more concerned about all the parts working, and will leave out a lot of steps as long as your network works.
This means your infrastructure won’t be as secure as it could be, with gaping holes and areas that hackers can easily take advantage of in order to get in.
It’s a bit like having a house with only 3 walls. It’s still a house, but you are relying on human decency and kindness when it comes to security.
Unfortunately, human decency and kindness are in short supply in the business world, especially in technology.
A good IT department will properly configure your company infrastructure so that not only does it work, but it is guarded and not vulnerable to attacks.
While proper set-up doesn’t make your company hack-proof, it closes off a lot of opportunities for hackers to get in, resulting in stronger security.
Just like any security system, it needs to be maintained and updated so that it continues to keep data secure. Only good IT departments properly maintain security so that you can sleep well knowing your data is not going to be easily compromised.
Encrypt your data
Data encryption is considered to be one of the most secure ways to protect data. If your data is ever compromised, encryption can make it extremely difficult to read a file.
For you, the owner, encrypted data can be decrypted with a key (code), which reveals the file as it is. For everyone else, the data becomes almost useless without the key.
While there are still ways to break encryption, it is much harder to do so (harder than cracking passwords) and requires a different process than cracking passwords. It also requires great resources, which many hackers and groups do not have.
Use multiple managed passwords
We’ve discussed how passwords are no longer as secure as they used to be. That does not mean, however, that they aren’t secure. It just means that true security requires more than just a password.
Using multiple passwords (such as with password-protected documents) or requiring a code to be sent to your phone after logging in makes your document harder to access and requires more effort from hackers.
By having a list of different passwords, you can make a document quite secure while making sure that the right people have access.
To be fair, using a managed password list is still quite risky, and passwords can be easily forgotten. Not to mention people can still crack passwords open.
But in cases like these, you’re better off having two passwords instead of just one. The longer it takes to open a document, the harder it is going to be to force it open.
Run penetration testing
Penetration tests are similar to failure tests run in manufacturing. A failure test will test the limits of an object to understand what the maximum constraints are.
This is done, for example, on elevators so we know that they can handle ten times their weight.
Penetration tests will examine every single possible point of attack for a system, noting down where a system can be made vulnerable.
These tests are run by a good IT department, but if you lack one, a system administrator can do the same job.
The idea is to find infrastructure vulnerabilities that could be exploited and fix those so they can no longer be targeted by hackers. This isn’t always made obvious, mainly because in order to be able to penetrate a system, someone must know how to get in. Most IT professionals do not claim to be hackers.
That doesn’t mean they can’t do penetration testing, but the best results usually require someone who has hacking knowledge. This is why you see hackers being recruited by the government; you need someone who is an expert in breaking in to create something that people can’t break into.
With penetration testing, your IT department or staff can guard itself against threats and reduce the likelihood of being hacked.
It is possible to not be just like Ashley Madison
By understanding how hackers can gain access to your data, it is possible to strengthen security to protect yourself against the situation Ashley Madison experienced.
While critics may come out and say that there is no such thing as a system that cannot be hacked, just because that is true doesn’t mean you can’t and shouldn’t protect yourself.
If your data needs to be secure and you know it could be bad if it was leaked, no matter how small your company may be, you need proper security measures in place.