At the beginning of December Sony Pictures fell victim to a huge data security breach, leaking contents of the new film ‘The Interview’ as well as many staff personal details and emails. It could be worrying to many businesses that if a company as advanced as Sony is vulnerable to such attacks, how might smaller businesses hope to protect themselves from hackers?
However, you shouldn’t worry too much, a company like Sony are a high profile target. With a few basic precautions most companies can mitigate a lot of the risks of being attacked.
Use Strong Passwords
Strong passwords are just the first step to sufficiently protecting your data. A weak password is only marginally more secure than having no password at all. Completely random and seemingly nonsensical passwords that appear impossible for a human to remember are the best type of passwords. However, these do pose a problem in that end users do need to remember them. Here is a good tutorial on how to create a strong password that you could still remember.
Store Passwords Safely
There’s no point in having complex passwords if they aren’t stored safely. This doesn’t mean simply avoiding the obvious error of storing password information alongside the files that the passwords are protecting (you’d be surprised how many people actually do this). Safely storing passwords also means doing more than naming the file containing passwords something other than ‘password’.
In fact, any hacker will be able to do a simple text search of a file to find keywords such as ‘Twitter’ and ‘Payroll’ to see what information is kept in that document. This means that even misleading names (e.g. junk) will be useless in these situations. Instead, you should safely store your password in a password management tool, such as LastPass or 1Password to avoid hackers discovering them.
Use Two-Factor Authentication
It’s clear that, however the hackers got into Sony’s files, they bypassed some security features. With two-factor authentication, the knowledge of a mere password won’t be enough for an attacker to be successful. It requires users to prove their identity by entering both a password and a unique code that is sent to their smartphone or generated using an authenticator app. The great thing about this system is also that it can alert a user if someone attempts, but fails, to log into the account, meaning that you’d be aware of a potential hacker.
While it’s difficult to say whether a system such as Two-Factor Authentication could have prevented the Sony scandal, it would have been an extra barrier for the attackers to overcome. Use a similar system on all of your important accounts, and if they don’t yet have it, request it.
It’s Worth Paying for Security
The initial cost of data security may be off putting, but it will certainly cost you less in the long run than falling victim of a data security breach. Imagine how much you would have to pay for the cleanup of such an attack, especially if the attackers were able to get into any financial documents or if they leaked competitive information.
For Sony this isn’t the first data breach they have experienced. In 2011 the ICO fined Sony £250,000 over their negligence in an incident involving customers Playstation IDs that got hacked.
Of course, it isn’t possible to say that Sony could have avoided this attack, even if they did make use of each of these suggestions, but they would have been in a much better position.
It is not only current data that is at risk. When you are looking to dispose of old technology and storage systems you also need to ensure these do not pose a data loss risk.
Talk to us today on 0845 600 4696 to find out how we can help with the secure disposal of your IT Assets.
[Photo Credit: random letters ]
