Recently, it came to light that the CIA has lost control of some of its hacking assets: nearly all of them, in fact. What does that mean? It means that over 8,761 documents with thousands of lines of code that tell hackers exactly how to hack into smartphones, TVs, computers, and even internet-connected cars have been leaked to would-be hackers all over the world.
Many of these were stolen from foreign countries and their security services, and the security loopholes they created were left open, intentionally, so the CIA could utilize them. We know this because an unknown hacker shared them with Wikileaks.
But what does this mean for your business and your security online? It means that cybersecurity, always a priority, now must move up your priority list. While studies show most Americans feel that the risk of cyberattacks is up, they feel pretty secure themselves. Rather than living in denial, here are some actions you can realistically take to protect yourself against these hackers and government-generated lines of code.
Use Two-Factor Authentication for All Email Accounts
We have so much space on our email servers that almost no one deletes email anymore. We move them, categorize them into folders, or turn them into tasks, but seldom delete anything except those items that show up in your junk folder.
That means it is pretty likely your inbox holds the keys to your life: where you bank, access to your social media accounts (by resetting your passwords), and even more. Your employees have all kinds of company logins in their inboxes as well. How do you make it at least less likely someone will hack into this area containing such valuable information?
Turn on two-factor authentication. This just means that if you sign into your email account from an unfamiliar location or device, you have a second layer of security to go through. Most often this involves getting a text message with a special code sent to your phone or another email address.
Make sure yours is turned on, especially if you use Gmail or a similar service. Then make sure that all of your employees are doing the same, especially if you have a Bring Your Own Device (BYOD) policy in place. This ensures that the email on every device with access to company email is at least better protected from hacking.
Encrypt All Hard Drives
There is some debate over whether or not this tactic is a good idea, and the process itself comes with hazards. It can literally turn your PC or Mac into a brick. Proper backups and some IT knowledge are preferable, especially if you need to restore an encrypted hard drive, or your computer crashes altogether.
Instead of using the encryption that comes with Windows or iOS systems, you can use third-party encryption programs, although you have to be careful with these too. Some only work with certain operating systems. If you are still running Windows 7, your options are probably broader, but may or may not be as effective as you would like.
Again, this is especially vital if you have employees who bring their own devices. Anywhere company information is stored, it needs to be secured. This could be as simple as the user creating a single encrypted folder where all company information should be secured. This includes digital signing,
Your servers, if you are large enough to have them, are probably already encrypted by your IT department, but don’t neglect the other places where your company information may be stored.
Do All Security Updates
Do you have a company program that you use for project management, communication, and other organizational functions? Good. It probably uses a database and a program called FileMaker as part of its support. FileMaker has some great security options that are updated constantly. Either enable your IT team or ensure you install all new updates, especially security ones, as soon as they become available.
Apple has already done a number of updates since the news of the Vault 7 release, and they will continue updating, as will Microsoft and other software giants. Google has already begun its own investigation into vulnerabilities despite few leads and has requested more information from the CIA.
Pay attention, and apply these updates as soon as you are able.
Use Encrypted Messaging Apps
Increasingly digital workforces combined with partially or fully remote workforces mean that the future of employee engagement will be driven by electronic messaging, digital signage, and other web-based communication methods.
Encryption is extremely difficult to hack despite what you see in the movies. So encrypted messaging services like Slack or Signal encrypt messages and should be used over normal texting or other messaging services to protect your information.
A note: if you are a small enterprise or just using the free version of Slack because you have a small team, you are missing out on some of the security benefits, including custom message retention and DLP and eDiscovery support. If you use the service for secure communication, especially if you have a remote workforce, you should consider an upgrade.
Be Cautious about Remote Monitoring Programs
Do you think monitoring your employees remotely is a good idea? You might want to think twice about that decision, because of all the information these programs contain. If you can monitor your employees remotely, remember, so can a hacker.
Remote monitoring comes with other costs as well. Employees may feel micromanaged, and it could have a large impact on your company culture. Studies show that many workers are more efficient and less distracted when working remotely, and a monitoring program shows that you clearly don’t trust them or their work ethic.
There are instances where remote monitoring may be appropriate, but in those cases, security must be the highest priority when choosing remote monitoring software.
Educate Your Employees
The most common way a hacker gets into any organization’s software is through a person, whether that is a weak password, access to email or a personal device, or some other form of corporate espionage.
Hold regular training for your employees on both personal and company security. Make sure they do simple things like enabling the passcode on their phones and encrypting their own devices, even if they don’t use them for work. Make security a part of their everyday practices.
Even before Vault 7, hackers had a number of tools to attack businesses, and a data breach or loss or even a ransomware attack can bankrupt nearly any small business in a matter of days. Cybersecurity should be something that is always a priority, but even more so now that hackers have more weapons at their disposal.