It Happens More Often Than You Think
On June 16, 2015, a different type of cyber breach story broke: an investigation that the Federal Bureau of Investigation (FBI) had opened into the St. Louis Cardinals for hacking into a private database owned by the Houston Astros.
The story of the Cardinals’ hacking investigation is predictably maddening. Officials allegedly believe that the Cardinals gained access to the Astros’ database by using old passwords from former employees who had moved to the Astros’ organization.
This story has brought issues of cyber security back to the forefront of the news. As more and more information moves from paper to various public and private networks, the risks involved in breaches of that data increase. As the maxim goes, all cyber breaches will be discovered to be more serious than thought when first discovered.
Companies need to take the security of their various computer networks very seriously. Failing to do so can expose them to significant liabilities in the case of breaches and leave them vulnerable to corporate espionage and the like.
As the Cardinals case shows, companies need not only to use adequate protection at a corporate level but also to ensure that employees follow best practices when it comes to cyber-security issues.
There are a number of steps companies can take to help increase the protection on their networks, particularly as it relates to the relatively unsophisticated attacks underlying the baseball breach.
How To Reduce Your Risk
Where possible, use two-step authentication.
Two-step authentication requires that those accessing a network use both a password and an additional means of authentication, normally a code transmitted through a smartphone app, key fob, or text message. The two-step process makes it significantly more difficult to break into a private network, though the system is not foolproof.
Require employees to change passwords once every six months.
Frequent password changes make it more difficult for hackers to break into a network using old passwords, though they can increase the burden on IT departments if employees have difficulty remembering their passwords.
Encourage the use of secure password managers.
Password managers can increase security by enabling the use of randomly generated passwords that would be impossible for most human beings to remember. Most passwords involve English-language words and letter-number substitution (such as 3 for E or 0 for O). This makes these passwords easy for sophisticated password-guessing programs to guess. A random string of numbers and letters generated and remembered by a secure password manager poses a much more difficult problem for a hacker to solve.
Create and diligently follow a termination checklist.
A termination checklist is a set of procedures completed whenever any employee leaves their position (voluntarily or not). The purpose is to block all prior access, disconnect active sessions (log-ins), and remove the liability of a known password.
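One way to audit the three goals of the termination checklist above, shown as an added example that is not part of the original article. The sample data is constructed, and every name and field (`DEPARTED`, `ACCOUNTS`, `KNEW_SHARED`, `SHARED_LAST_ROTATED`) is a hypothetical stand-in for exports from an HR system and a directory service.

```python
from datetime import date

# Constructed sample data; names and fields are assumptions, not a real product's export.
DEPARTED = {"jdoe": date(2015, 1, 9), "asmith": date(2015, 3, 20), "mlee": date(2015, 5, 1)}
ACCOUNTS = {
    "jdoe":   {"enabled": False, "sessions": 0},
    "asmith": {"enabled": True,  "sessions": 2},
    "mlee":   {"enabled": False, "sessions": 1},
    "kwong":  {"enabled": True,  "sessions": 1},  # current employee, must not be flagged
}
# Shared or service passwords each person knew while employed.
KNEW_SHARED = {"jdoe": ["analytics-admin"], "mlee": ["analytics-admin", "vpn-shared"]}
SHARED_LAST_ROTATED = {"analytics-admin": date(2015, 2, 1), "vpn-shared": date(2014, 11, 15)}


def audit_terminations(departed, accounts, knew_shared, shared_rotated):
    """Return {user: [findings]} for departed users with unfinished checklist items."""
    report = {}
    for user, left_on in sorted(departed.items()):
        # A deleted account has no access or sessions left to block.
        acct = accounts.get(user, {"enabled": False, "sessions": 0})
        findings = []
        if acct["enabled"]:
            findings.append("account still enabled")
        if acct["sessions"] > 0:
            findings.append(f"{acct['sessions']} active session(s)")
        for cred in knew_shared.get(user, []):
            rotated = shared_rotated.get(cred)
            # A known password stays a liability until it is changed after the departure.
            if rotated is None or rotated <= left_on:
                findings.append(f"shared credential '{cred}' not rotated since departure")
        if findings:
            report[user] = findings
    return report


if __name__ == "__main__":
    result = audit_terminations(DEPARTED, ACCOUNTS, KNEW_SHARED, SHARED_LAST_ROTATED)
    for user, findings in result.items():
        print(f"{user}: " + "; ".join(findings))
```

Run on a schedule against fresh exports, an empty report means every departure on file has been fully processed.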
For more tips on securing your company’s network, creating security policies, and general computer use tips, check out our series “The Busy Bee’s Guide To I.T.”, available on our YouTube channel.