It seems like every day there is a shocking new data breach.
Yahoo only just admitted they were hacked back in 2013 (leaking account details of one billion users, one of the biggest breaches ever).
Deloitte were hit pretty hard, with client information being accessed including personal details, usernames and passwords.
Equifax suffered a humiliating breach of 143 million customer account details.
Then there’s all the attempted hacks: North Korea vs the House of Commons, British teenagers vs the CIA. The list goes on (and those are just the ones we know about).
Do something now
Without fail, someone will write an article asking: is this the wakeup call we needed? The answer is always, unfortunately, no. Things are only going to get worse: the National Cybersecurity Centre recently warned a “category one” cyber-attack (the worst kind) is just around the corner.
So, what are you going to do about it? Is your intranet security policy up to scratch?
Time for business to get serious
Here’s some food for thought: Gartner predicts security spending will top $93 billion in 2018. Sound like a lot, right? Wrong. That’s only a 7% increase on 2017 – a year where more data was lost in the first six months than the entirety of 2016. We aren’t even close to spending enough.
The worst thing about all this? Most forms of hacking are easily avoidable.
What you need to do
Simple guidelines will go a long way in protecting your company assets:
1) Don’t use a company laptop on public wifi – hackers love setting up fake wifis in popular cafés
2) Never send sensitive information without alerting your line manager – today’s phishing scams are far more convincing than the Nigerian prince days.
Start including security as criteria when selecting new apps and products. When you’re checking out a product’s website, make sure they have a compliance and policy page like this.
After you’ve selected one, subscribe to their development blogs. You’ll know how serious they are about security, and how much they invest in keeping their product up to date. If you don’t hear much, have a good hard think about how suitable they really are.
Update your technology
Working for a technology company, it really hurts us when we see people using out of date software. We mean it when we say: please, please keep your computer, browser and apps up to date.
Do you remember when the NHS was subject to that ransomware not too long ago? That’s because they were running Windows XP, and decided to end their deal with Microsoft to keep it updated.
It’s an ongoing battle between developers and hackers to plug exploits. When you take developers out of the equation, it’ll only end badly.
Got all those things down? Good. This is just the beginning. Keep educating yourself, following the news and jettisoning the dangerous products. You’ll make the hacker’s life difficult and, in the end, save your company.
And if you are hacked…
Act quickly and competently by owning the situation (no matter how painful taking responsibility is). Keep customers in the loop and be honest. Do what Mumsnet did: send out an pre-emptive FAQ document and invite anyone still concerned to talk with you directly.
What this means for intranet security
Luckily, intranets have moved on from their original definition. Back in the early days of computers, there were only internal networks: big beasts of systems kept in the basement of your company. Nowadays, companies like Twine are secured in the cloud (we use Amazon Web Services). You can read all about how we keep our services secure.