What the Sony Hack Attack Means For You
Could your business be the target of a cyber attack like the one at Sony? Do you have the proper safeguards in place to prevent a similar event from occurring at your company?
Mike Heil, CEO and Partner at ThrottleNet, appeared on TNtv, to discuss the impact of the Sony attack and the action steps you can take to prevent a potential disaster at your firm.
Heil said businesses can reduce the likelihood of a major Sony type breach by addressing three top vulnerabilities. These include:
1. Your employees.
A company’s network security is only as good as the people watching over it. If the person in charge is not reliable or unethical it is like leaving the front door to your business unlocked.
Background checks should be performed on your internal IT staff. If you outsource your IT make sure the Managed Services Provider (MSP) performs background checks on its employees.
HIPAA compliant IT firms, like ThrottleNet, must perform background checks in order to maintain their certification. Other vendors should perform these checks as well.
2. IT Vendors.
Many businesses, physician practices, accounting firms and legal firms use outside vendors to perform maintenance work and update software. These vendors need access to servers but sometimes are granted more access than what they need.
These vendors may employ staff who are not schooled on software security practices or may not be of aware of the sensitivity of the information involved. They can accidentally expose key data and leave a company vulnerable to an outside perpetrator.
Business owners and practice managers should review the qualifications of any IT vendor and grant them access only to what is needed to complete their task.
3. Software Security Policies.
A Windows operating system allows you to set as many different auditing passwords for access as necessary, which can be disabled by default.
However these passwords are only effective if someone is watching over the system. An auditing plan should therefore be in place with regular oversight of the network and servers.
A good practice is to quickly shut down an employee account any time he or she leaves the company. In fact it may require all passwords to change to lessen the chance for a breach.
Many companies leave themselves vulnerable by not utilizing a strong antivirus software that is updated on a regular basis.
The software that took down Sony was so malicious it destroyed entire master boot records on certain servers. Once that is gone it becomes difficult to get that data back. Therefore, companies need a good offsite backup in the cloud to ensure their data can be retrieved.
Should your firm suffer a Sony type attack, without prepare precautions, you and your network will be out of business.
Watch the full video below!