The Sony hack was the top tech news story of 2014, but will we learn anything from it? My bet is no.
Is your firm's network more secure than Sony's? Probably not. Unless you are mostly or entirely in the Cloud with a reputable Cloud services provider, your network is likely as vulnerable as Sony's. You have not been hacked only because there has not yet been a person or organization with sufficient motivation to do the hack.
Local networks are inherently vulnerable because they depend on the skills, knowledge, and vigilance of local people including you, your employees and your IT people. All it takes is one disgruntled current or former employee with knowledge of important passwords (or a way to find them) to turn your firm into the next hacking victim.
Here are a few questions to ask yourself:
1. Do you use strong passwords (at least eight characters, no words you can find in the dictionary, at least some special characters that are not letters or numbers)?
2. Do you change ALL of your passwords regularly, particularly each time an employee leaves or you change IT vendors?
3. Are your passwords distributed strictly on a need-to-know basis? It may be convenient for your legal assistant to have your Windows password or even your network admin password, but is it necessary - or wise?
4. Is remote access to your network limited to only those who absolutely need it?
5. Do you use second-factor authentication for all web accounts that offer the option, and have you considered dumping those few services not yet offering such protection?
6. Does your firm have a way to assure that all operating system and software security updates are promptly installed?
7. Have you ceased using all outdated software that is no longer supported and therefore no longer updated to patch security vulnerabilities?
This list is not exhaustive. There are many ways to compromise a local network. However, there are far fewer ways to compromise data stored with a reputable Cloud services provider (Microsoft, SpiderOak, SugarSync, etc.). If you use strong passwords, limit access to those passwords, change them regularly, and use second-factor authentication, your data will be far more secure than Sony's. Remember, it was Sony's locally stored data that was compromised. Data stored in the Cloud was not hacked. This is the best lesson we can learn from the Sony hack.
Content courtesy of the Affinity Consulting Blog.