2014 saw a host of cyberattacks and their difficult-to-manage consequences. Let us take a look at those infamous incidents and learn what we can do to mitigate the risks in the coming year.
- Entertainment company hack that ripped the veil off Hollywood’s secrets
Hackers attempting blackmail shut down IT systems, hijacked Twitter accounts, and leaked confidential information – everything from private correspondence among executives to salary and performance data about employees. The hackers have not been identified, and they continue to threaten to release sensitive data if their demands are not met.
- Photo leak of the century
The accounts of several Hollywood celebrities were compromised by a targeted attack on their user names, passwords, and security questions. This attack resulted in the leak of nude images and damaged reputations. The images were believed to have been obtained via breach of a cloud services suite developed by an American multinational corporation.
- Large bank in Canada hacked with default password
Two teenagers found an operator manual online for an ATM at a local supermarket. They went to the ATM to try to put it in operator mode and, to their surprise, it worked. What was more shocking was that their first random guess at the six-digit password worked. Fortunately, these two honest teenagers promptly notified the bank and no damage was done.
- World’s biggest shopping website fell victim to massive cyberattack
The credentials of a number of employees were compromised, which allowed the attackers to gain access to the company’s network and sensitive customer data. Although the cause of the attack was not confirmed, a phishing attack remained a likely candidate.
- State health department became the new HIPAA breach leader
Hackers breached a server containing clients’ contact and clinical information in a US state’s Department of Public Health and Human Services. The breach occurred due to a security flaw in third-party software used by the department and the hackers accessed the server before the vulnerability was patched.
Some of these attacks didn’t require any hacking prowess and could have been avoided or mitigated. Here are some tips to help protect yourselves:
- Educate employees
Employees are the biggest threat to a company's security when it comes to data breaches. Most employees may have the best intentions to remain secure, but they still make common mistakes because they are unaware of the security risks. It helps to schedule a companywide session to educate your employees on password best practices.
- Enable passphrases
It is human nature to choose an easy-to-remember password, which is more susceptible to password attacks. You can enforce a more complex password policy, but this may create a management headache, with users forgetting passwords. The solution? Enable passphrases to allow users to create long but memorable passwords to increase security. Increasing the length beyond 20 characters makes password attacks very expensive – to the point of rendering such an attack infeasible. Also, the passphrase feature allows users to create a passphrase they can easily remember, such as “[email protected]@w I leave for Disneyland!”, so they never have to resort to insecure ways to memorize their passwords.
- Turn on multi-factor authentication
Multi-factor authentication (MFA) requires more than one form of authentication to verify user identity. MFA combines two or more independent credentials: what the user knows (password), what the user has (smart card) and what the user is (biometrics). This makes it hard for hackers to get into an account with a stolen password alone, because they will also need to have access to the other credentials.
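To put numbers on the passphrase tip above, here is an added Python example (not code from the original article or from any product it mentions) that compares the brute-force search space of a short complex password with that of a long passphrase, and applies a length-based policy. The guessing rate, the policy thresholds, the 7776-word list size and the sample passwords are all assumptions constructed for illustration.

```python
import math
import string

# Assumptions for illustration only (not from the article):
GUESSES_PER_SECOND = 1e10      # offline guessing rate of a well-resourced attacker
PASSPHRASE_THRESHOLD = 20      # "beyond 20 characters" => no composition rules
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation, " ")

def classes_used(password):
    """Return the character classes that appear in the password."""
    return [cls for cls in CLASSES if any(c in cls for c in password)]

def brute_force_bits(password):
    """Bits of search space for a character-by-character brute-force attack."""
    alphabet = sum(len(cls) for cls in classes_used(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def wordlist_bits(num_words, wordlist_size=7776):
    """Bits if the attacker guesses whole words picked at random from a list.
    This is the realistic bound for passphrases built from dictionary words."""
    return num_words * math.log2(wordlist_size)

def years_to_exhaust(bits):
    """Time to try every candidate at the assumed guessing rate."""
    return 2 ** bits / GUESSES_PER_SECOND / (365 * 24 * 3600)

def check_policy(password):
    """Hypothetical policy: long passphrases skip composition rules,
    shorter passwords need 8+ characters from at least 3 classes."""
    if len(password) > PASSPHRASE_THRESHOLD:
        return True, "passphrase"
    if len(password) >= 8 and len(classes_used(password)) >= 3:
        return True, "complex"
    return False, "rejected"

if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("password", "P@ssw0rd", "my cat sleeps on the warm laptop"):
        bits = brute_force_bits(pw)
        print(f"{pw!r}: {check_policy(pw)} {bits:.1f} bits, "
              f"{years_to_exhaust(bits):.3g} years")
    print(f"7 random words: {wordlist_bits(7):.1f} bits")
```

The character-level figure is an upper bound: a sentence a user makes up is less random than either model assumes, so the word-level estimate is the safer one to plan around.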
Darren James is the Product Specialist at Specops Software