Data interrupted: Could you get hacked like Sony?
Wednesday, December 17, 2014
So now that we all know Angelina Jolie is apparently a “minimally talented, spoiled brat”, my final word for 2014 is to watch your back!
As we hear more and see more published that was stolen or leaked from Sony, it is apparent that we are all at risk of data breaches from inside and outside our organisations.
When I started my business at age 35, a wise businessman called me on being a bit immature. I took risks, I said inappropriate things and I thought I could get away with more than I really could. He said, “David, you do not have to grow up, but business is the ultimate teacher. If you don’t grow up, business will teach you lessons you do not want to learn.”
Fortunately, I started small and grew up quickly, learning the importance of good contracts, good work practices and mature communication.
In 2015, Australian IT security practices will need to mature from our current laid-back, lackadaisical approach to robust and mature systems that protect our staff and clients’ privacy and our company IP and communications.
If you are a business owner, board member, CEO or CIO and if you have computers connected to the internet you are at risk. No matter where your data is or how well your staff are trained on safe computing practices, you have risk and exposure.
In 2015 we will see more companies with public exposure of the scale of Sony’s recent breach. Some will make the headlines but many will go completely unnoticed until the very expensive impact is felt by the business owners. The Sony breach will be measured in hundreds of millions of dollars in losses plus a relatively small amount in direct cost of containment and rectification.
We know that our small business systems lack any form of intrusion monitoring today; even larger businesses and government agencies with legacy systems have relatively poor auditing of access or abuse.
In the years ahead, the need for greater protection will become imperative for most businesses. Cloud computing will offer some solutions and some new problems, with data being released to courts by cloud service providers under subpoena or court order. The US Government case against Microsoft is continuing, with the industry getting behind Microsoft, but this is for data held outside of the USA. There is no mention of what happens when the data is local. So now people are talking about the issues of controlling data in the cloud as a new security frontier.
The world of computer viruses with worms and trojans is also mutating faster than ever. This year many businesses have already been caught out by the CryptoLocker viruses and this trend is set to continue as the creators learn more ways to get paid for their destructive work. As discussed in my previous article, the best defence against these attacks is to have a great backup system with regular snapshots of the data and system files for quick recovery. This will become more important as our reliance on data increases and the safety of our small networks decreases.
The real key to staying as safe as possible is to keep IT systems up to date with the latest security solutions such as:
- Up-to-date antivirus software with regular updates throughout the day.
- Web-based email filtering, before it hits your network or server.
- Website filtering.
- Firewalls for each office, with updates and monitoring.
- Backup for all data and systems, even the PCs.
- Encryption of data outside your office or network: (a) mobile device management to encrypt data between the device and the server; (b) pre-cloud data encryption for data stored in others' systems; (c) encryption of laptop and tablet hard drives.
- Secured networks for company data; consider private networks between offices rather than just internet connections and VPNs.
- Updated and fully patched hardware, operating systems and applications.
In short, if your business is scaling up in 2015, get good advice and set a realistic budget to put security in place as you grow. If your IT people are not filling you with confidence in their understanding of modern security solutions and requirements, do not wait for confirmation that they are putting you at risk.
While it is expensive to get the systems right, it is always more expensive to fix a situation after the event. The hackers out there are motivated by very large financial gains at your expense.
This is not the time to be complacent, whether you have one PC or a network of thousands as Sony does. The next couple of years will be a heyday for the hackers until complacent business people learn that secure IT is an essential investment.
David Markus is the founder of Combo – the IT services company that is known for solving business problems with IT.