MD, Malcolm Newdick, was published in Talk Business Magazine
IT security is hitting the headlines. In the past few months we have seen two seriously embarrassing security breaches at Sony and at the US Central Command. So, what do these hacks mean for the rest of us? What can we do, running our own businesses, if the biggest organisations in the world can be hacked?
The Sony hack last November could be a long-term disaster for the company. It’s not only a serious security breach but the consequences of it could have a major impact on Sony. Imagine all your HR records, staff salary details, confidential documents and e-mails being put in the public domain. Now think about the consequences for a company like Sony that employs 6,500 people. The lawyers must be lining up their discrimination and breach of contract cases right now.
We don’t know all the details, but the Sony hack has the hallmarks of an inside job. How else would the hackers find all the valuable stuff – from unreleased films to HR records and financial details relating to celebrities – and manage to copy it all from the network without being detected?
The implication for us in our businesses is that we have to be sure that we have rock-solid HR processes and IT management so we protect ourselves against “the enemy within”. It is never going to be 100% safe because ultimately you have to trust the people you employ. Edward Snowden proved that even the security services get it wrong sometimes.
Meanwhile, the January hack of US central command’s Twitter account was just acutely embarrassing. It was only a Twitter account and nothing confidential or secret was leaked. But if your military central command creates an impression of being staffed by bumbling idiots, it could be time to take cover.
This hack appears to be a simple security lapse, otherwise known by the technical term of “stupidity”. It’s quite likely that a member of staff received a phishing e-mail asking them to confirm their Twitter account details. The trouble is that they responded to it.
The lessons to be applied in our businesses relate to staff awareness. Education and awareness are half the battle with IT security. If people know what the security risks are and how to identify them, you are much less likely to fall victim to an attack. Making sure that everyone is aware and alert is the best way to prepare yourself – after all, you’re only as strong as your weakest link.
The full magazine can be found here.