Hacking into Corporate Computers – How to Better Secure your Data

Security Breaches

In mid 2014, a Pennsylvanian U.S. grand jury charged the Peoples Liberation Army (China) with 31 counts of cyber espionage. The charges were the end product of an investigation into security breaches at five U.S. companies and one U.S. labor union. The Chinese government denied responsibility, and after the President Xi Jinping and President Barack Obama met later that year to discuss trade and world affairs, China pledged to do more to help curb cyber hacking attacks.

Then in December of 2014, a suspected North Korean attack on Sony resulted in substantial breaches of emails and employee information. Again, the government denied involvement, and more promises to work to decrease cyber-threats.

You are on your own

I could go on, and recount the numerous other attacks based either from other countries (Russia, Nigeria, Iran, Syria, etc.) or from groups within the US. But I think the message is clear; you are on your own. If you don’t take your own security seriously you get what seems to be inevitably coming to you.

Common ways security is breached:

  • Enterprise-wide, or regional networks were accessed while a company was building power plants in a developing country.
  • Phishing emails were sent to company employees directly while the company was participating in trade cases with foreign steel companies. This allowed malware to be installed on corporate computers and thieves used to steal hostnames & descriptions of other corporate computers.
  • Network access credentials stolen during a public trade dispute with a Foreign state-owned enterprise.
  • Bulk quantities of emails were stolen while a company was involved in a public trade dispute with Foreign state-owned corporations.
  • Three weeks after a joint partnership with a foreign company, phishing e-mails were used to acquire thousands of e-mail messages, attachments and other documents from the company’s computer network.
  • A contractor (3rd-party vendor) hired to do IT maintenance was infiltrated by cyber-thieves and recorded thousands of credit card account numbers using modified devices that they had been hired to maintain.
  • Disgruntled employee of “x” number of years, decides to sell secrets, or access to network of US company.
  • Interns, new college hires from foreign lands, or foreign students graduating from US top-tier colleges, work within a company, gain access, remove information and then travel back to their homeland.

Given all these access points, what can be done?

Create a Code of Conduct

Create a Code of Conduct document on what is expected of employees, and the consequences of misbehavior. Update as necessary and make sure all employees, new and tenured have the current copy.

Schedule Frequent and Regular ‘Shred events”

Give employees the time and ability to remove old version and destroy extra copies of sensitive documents.

Conduct Audits on Regular Basis

Have designated team audit document storage, and electronic files of employees in a random order. Learn from each audit and make system-wide improvements. Don’t make the audit findings the fault of the employee, make them the fault of the system that fails to support the employee doing the right thing.

Upgrade all your software, and maintain its versions

This is not just for anti-virus software, but all communication software (mobile apps, cloud-based storage apps, legacy operating systems, lap-top based software used in sales, etc.)

Create Usernames, Access Levels & Tough Passwords

Very basic steps, yet many small to mid-sized companies that service the larger corporations fail to do this, allowing access to emails from the corporate customer. A tough password has at least 8 characters, a mix of numbers, symbols, letters, and upper and lower case.

Change Passwords Every 30 to 45 days

Change passwords on a regular basis and “Lock-Out” workstations when not in use. 65% of computer users use the same password across multiple accounts and fail to change it unless directed to by the software program.

Have Emergency Plans and Response Order

Develop a plan for each possible threat your company faces, such as robbery, theft, fire, hurricane, and violence in the workplace. Designate a response team or person and give them the authority and knowledge to act on behalf of the company in the event of the emergency.

Disconnect from the Web

Consider having dedicated computers connected to the outside world, and all others only connected to each other. This is common practice in highly secure organizations such as nuclear power plants, weapons facilities, utility grid control centers.

Sources:

http://www.businessinsider.com/us-china-spying-charges-2014-5

http://www.reuters.com/article/2014/01/22/us-russia-cyberespionage-idUSBREA0L07Q20140122

http://www.businesssecurity.net/business-espionage/

http://www.securityweek.com/study-reveals-75-percent-individuals-use-same-password-social-networking-and-email

Leave a Reply

Your email address will not be published. Required fields are marked *

Popular Articles

Contributed Content Disclaimer

The content and opinions expressed here are exclusively those of the author and do not necessarily represent Factory of the Future, LLC or its staff. Please see our Community GuidelinesHow to Advertise and Terms Agreement.

How to Advertise

There are 6 Free and 3 Paid ways to advertise on FactoryoftheFuture.Org. Please see: How to Advertise.

Advertising Disclaimer

Advertisements for products or services do not constitute an endorsement by FactoryoftheFuture.org, does not imply any partnership and we do not make any representation of these parties. Listing here does not constitute a warranty or guarantee of performance, durability or safety. It is the User’s responsibility to verify through samples, tests and inquiry to Advertisers that performance criteria are met. The information within these Advertisements is considered a member benefit and is provided as goodwill and correct to the best of Factory of the Future, LLC’s information, knowledge and belief.