Employees + Contractors + Hackers ≥ Most Security Models?

Although companies have been on guard for some time now against potential hacking attempts, the security industry seems to be letting them down. Most major corporations and government divisions have been hacked over the past few years, giving some people the notion that stealing information is almost acceptable in some circumstances.

Fortunately, inside companies, blocking those who would steal information remains a pretty strong goal. Of course, it was only recently that companies came out and said that ultra-competitive employees have become as much of a problem as hackers when it comes to removing key information from a company.

The problem:

Information theft has been going on for thousands of years. Even in Japan, where someone caught stealing a wallet will be ostracized for years, stealing information carries no such stigma. So when trying to train employees not to give away information or fall victim to social engineering, it can take some time to find the right group of people to respond.

Just ask the IRS. They made an internal rule: no looking at people’s taxes if you are not working on their file as part of an investigation. Sounds simple, yet they trained everyone and warned them, and still ended up firing 800 workers in one year because they went back and looked at files that they shouldn’t have.

So training people and creating a security infrastructure that helps to stop attacks, internal and external, are both important methods of dealing with information loss.

Things may get worse:

A couple of years ago, Sony had an attack where employees were hit at work day after day by hackers who would communicate with them to humiliate them. One of the corollaries to that attack was that one of their clients lost his company’s three-year road map, which he had shared with a Sony colleague. The file was hacked and published by the hackers. According to the executive, it was the worst feeling in his career to that point to have to confront the fact that his company’s future may have been essentially stolen.

Attacks are also happening abroad. Some executives from California opened an office in Mexico. They used to catch up on email and browsing at local coffee shops and the library. It wasn’t until they went to visit the local cable company that they became aware that its employees had access to their Internet data at local cafes. The employees told the executives what they had been doing online and what their recent topics of interest had been.

The troubling part of this from a security standpoint was that using a network of local restaurants with Internet access did not help. Instead, someone had taken the time to network all the local public Wi-Fi spots and de-anonymize users to the point where they could track people over the Internet and sell the information to whatever company or worker was interested.

One Answer:

If you are concerned about Internet privacy, using a VPN is one of the best ways to forestall hackers or eavesdroppers. VPNs, or Virtual Private Networks, are a type of connection that uses a tunnel or a proxy to hide the data that you are sending in a very secure structure. Generally speaking, you will have a server somewhere on the Internet that you connect to. Once you are connected, you can browse through that server or one that is on their network without being detected locally. To the local user, you will appear as if you are somewhere that you are not. So if you are physically in Costa Rica and select a server in France, you might appear as if you are in France and looking at websites in Costa Rica, making it difficult for people to know just where you are or who you are.

Another nice thing about VPNs is that you can store files on the server that can only be accessed by people that have a right to use the VPN. That means that even if someone does hack you, they would normally have to be onsite physically in order to make it easy for them to steal any data. If they don’t have the right to use the VPN, there is no way they can take any files.

If you buy things for your firm, VPNs can be augmented by using mobile payments. Because your phone is encrypted, you should not need to worry about hackers being able to get into your application and determining how much money you have and how much you have spent. You should also be able to thwart the border information bandidos who count how much cash comes out of your wallet in Southern California and Mexico. One practice that works is to set a password for each payment processor and then use a secondary login to allow access to those processors. That way, if you want to use PayPal, you are not entering your PayPal password in front of everyone in the store that you are in. If you use that type of security, you won’t have your password stolen. The only way that they could get access would be to physically steal your phone.

It isn’t easy planning for sabotage from hackers and employees. At the same time, if you make smart choices like getting a VPN and using mobile payments to stay away from hacking attempts, you should save your firm time and money.