A data breach is a nightmare that every company dreads. We’ve all heard the horror stories: Facebook’s year-long breach exposing 6 million users’ email addresses and telephone numbers in 2013, the major leak of O2 customer information sent in website code to servers when users were browsing the web in 2012, and even mega brand Google exposing full contact lists of Gmail users in 2006!
Such major blue chip companies should, in theory, have stringent measures in place to prevent any such leaks, but there will always be a hacker trying to game the system and breach security. That is why it’s so important to keep all preventative measures up to date and maintain constant surveillance to identify any possible breaches as soon as possible. Every company should have, at the very least, an anti-virus and firewall system in place, and ensure that all documents, folders and accessible areas containing sensitive information are protected by unique passwords. The major data losses suffered by OPM recently have further served to highlight the increasing problem of companies running old systems that cannot compete with the technologically advanced world we live in, as well as the issues that can so easily arise when best practices are ignored and security is threatened as a result!
As well as ensuring that security systems are in place and maintained, it is important to ensure that all users of company systems are adhering to the correct security protocols, such as encryption, digital certification, spam filters on email servers and password protection across all sensitive documents. This may seem like common sense to some and overkill to others, so it’s important that everybody is aware of the potential dangers if these systems aren’t used.
Exploitation of Computers and Files
Using documents as an example, it’s almost child’s play for a hacker to craft a file that will exploit the program used to load it. For example, once an exploited PDF is opened, it can crash the program in use before the file has even loaded, access the internet and then download malware to the user’s computer. Users may not even be aware this has happened, because the “crash” won’t be visible; instead, a dummy PDF will open to make the victim think there’s been no breach of data. Once malware is installed, it can then access all of the programs and the Internet connection on the computer, unless a robust antivirus and spyware detector is in place. The majority of hacked files are sent via spam emails and/or downloaded from websites, so it’s important to ensure employees recognise a potential threat and don’t open unknown attachments or download from untrusted connections.
What about legitimate document vulnerability? If a hacker has managed to access your computer via malware, a virus or an infected website, they’ll then have access to all of the files available via the computer, and this includes documents saved to shared areas such as Dropbox and SharePoint. If those files aren’t protected with a strong password, you may well be saying goodbye to the privacy of the contents within. If any of that data is sensitive, you may find yourself in a lawsuit, especially if customers have been targeted and their privacy breached. In 2014, telecoms company TalkTalk sued their supplier after customer data was breached, with one unlucky user left £2800 out of pocket after a fraudster, using sensitive data she had gained from the breach, convinced him to give her his bank details on a telephone call.
This may sound extreme, and in the majority of cases employees will recognise spam emails and adhere to workplace rules regarding security, but it is extremely important to remain vigilant and ensure measures are in place to deal with any risks. It’s often the small things that are overlooked, such as an open file with no password protection or the accidental opening of a spam email, but these can lead to much larger consequences, especially with computers on a shared network.
As well as preventing data breaches, good security measures such as password protecting documents will also prevent internal data sharing where applicable. For example, it may be that you store sensitive data as a PDF but only certain members of staff should be able to access the information. In this case, a password will stop the data from being open-access and ensure privacy is maintained, with access limited to essential personnel.
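An added example (not part of the original article) covering two points made above, the crafted PDF and the unprotected document in a shared area: it scans PDFs for auto-run content markers and for the `/Encrypt` entry that indicates password protection. The function names and the sample bytes are constructed for illustration.

```python
import re
from pathlib import Path

# Name tokens that make a viewer run code or reach outside the document.
ACTIVE_NAMES = {"JavaScript", "JS", "OpenAction", "Launch", "EmbeddedFile"}
NAME_RE = re.compile(rb"/([A-Za-z0-9#]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed samples (not real documents): one with auto-run script markers,
# one whose trailer references an encryption dictionary.
SAMPLE_ACTIVE = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
                 b"2 0 obj\n<< /S /J#61vaScript /JS 3 0 R >>\nendobj\n"
                 b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")
SAMPLE_ENCRYPTED = b"%PDF-1.6\ntrailer\n<< /Root 1 0 R /Encrypt 5 0 R >>\n%%EOF\n"

def pdf_names(data: bytes) -> set:
    """Collect PDF name tokens, decoding #xx escapes so /J#61vaScript == /JavaScript."""
    names = set()
    for raw in NAME_RE.findall(data):
        decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
        names.add(decoded.decode("latin-1"))
    return names

def triage_pdf(data: bytes) -> dict:
    """Heuristic byte scan; names inside compressed object streams are not seen."""
    if b"%PDF-" not in data[:1024]:
        return {"is_pdf": False, "encrypted": False, "active": []}
    names = pdf_names(data)
    return {"is_pdf": True,
            "encrypted": "Encrypt" in names,  # /Encrypt entry: file is encrypted
            "active": sorted(names & ACTIVE_NAMES)}

def audit_folder(root: str) -> list:
    """Return (path, result) for PDFs that are unencrypted or carry active content."""
    findings = []
    for path in sorted(Path(root).rglob("*.pdf")):
        result = triage_pdf(path.read_bytes())
        if result["is_pdf"] and (not result["encrypted"] or result["active"]):
            findings.append((str(path), result))
    return findings

if __name__ == "__main__":
    print(triage_pdf(SAMPLE_ACTIVE))
    print(triage_pdf(SAMPLE_ENCRYPTED))
```

An `/Encrypt` entry shows only that encryption is applied, not that the password is strong, and a PDF protected with only a permissions (owner) password still opens without prompting. Flagged files are candidates for review, not confirmed problems.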