What the Latest Data Breach Tells Us about Network Security, Data Integrity, and Social Engineering

 

Another week, another data breach — at least that’s what it felt like when the federal government revealed last week that the Justice Department and the Department of Homeland Security had employee information hacked.

Initial reports indicate that no sensitive information was stolen; apparently, the majority of the data breach concerned email addresses, phone numbers, and job titles for nearly 30,000 federal employees. The big difference with this breach stems from the fact that it wasn’t a cyberattack that penetrated the government’s computer systems — instead, a hacker impersonated a government employee and used their credentials to access sensitive parts of the system.

Often referred to as “social engineering,” this kind of breach involves culling personal information from social media and using it to determine passwords. Which means that even the best network security in the world — and if anyone has it, it’s the federal government — couldn’t have stopped this attack.

Of course, that doesn’t mean that certain measures aren’t critical to data integrity. In fact, without strong firewalls, data encryption measures, and reliable backup and disaster recovery systems, chances are this breach could have been much worse.

So what could have prevented this breach?

• Comprehensive password management. This goes beyond simply creating strong and unique passwords that use a random mixture of upper-and lower-case letters, numbers, and symbols. It also includes smart management of the passwords you create: using two-factor authentication whenever possible, employing a password management tool, and monitoring social media accounts and email addresses (especially those you don’t use very often) for unusual activity.

• A more diligent approach to email attachments and links. There’s no easier way for hackers to access your information (including usernames and passwords — the holy grail of social engineering attempts) than through malware installed after a user opens an infected email attachment or clicks on a link that redirects to suspicious sites. The main takeaway here is DO NOT CLICK ON ANY EMAIL ATTACHMENT OR EMBEDDED LINK UNLESS YOU TRUST THE SENDER OR SOURCE AND ARE EXPECTING SAID ATTACHMENT OR LINK.

• Implement comprehensive network security. CMIT Solutions’ philosophy on IT service is proactive, not reactive: we monitor our clients’ systems 24×7 so that we can identify, prevent, and resolve issues before they affect productivity, efficiency, and security, not after they’ve already incurred downtime. From firewalls to anti-virus, anti-spam, and anti-malware software to data encryption to content filtering and other targeted tools, we believe the “umbrella” approach gives businesses the best chance to stay secure.

• Treat your data like the life of your business depends on it. Guess what? It probably does. How long could your business operate without its critical information? How quickly would you need it to be recovered to bounce back from a catastrophic event? Studies show that backup and disaster recovery is integral to business success — the Small Business Administration estimates that 45% of companies that suffer from data loss never recover.

• If you’re in an industry like health care, legal, or financial, the smallest breach could have significant civil and criminal ramifications. A recent report by Redspin found that 98% of protected health information leaks in 2015 were caused by IT incidents, compared to just 53% in 2014, with an 11,000% increase overall in breaches — NBC News claimed that one in three Americans had their health records compromised without even knowing it. That means hackers are working harder than ever to steal sensitive information, especially in the health care realm, where one stolen record can sell for 10 times as much on the black market as a stolen credit card.

How safe and secure is your data? How about your computers, mobile devices, and other systems? Do you have policies and procedures in place to protect your business and your employees from a data breach or cyberattack? If you’re unsure of the answer to any of these questions, contact CMIT Solutions. We worry about IT so you don’t have to.

Administrator