The Internet exploded this month as news of what is possibly the largest data security breach in history spread. Though initially dubbed a “leak” from an anonymous source, the data breach (likely a hack) of 11.5 million documents from Panamanian law firm Mossack Fonseca incriminates leaders and organizations from Europe, Asia, the Middle East, Africa and the Americas. Yes, millions of documents, dating back almost 40 years, before the Internet even existed. Iceland’s prime minister has resigned. Other world leaders are under suspicion. Beyond the investigations of possible criminal activity, many are asking, “What does this mean for worldwide cybersecurity?”
Cyber Security is Supposed to Protect Digital Data, Right?
Cybersecurity, sometimes called information technology security, refers to the protection of digital data: your computers, financial information, personal information, images and other data that might be available on a digital device. In this digital age, most transactions and information sharing, even contract signing, occur through digital devices, via file transfers or email. Hackers use illegal means to obtain digital information, often for monetary gain. Other hacks appear public-spirited, a sort of “digital watchdog” service (though without knowing who is responsible for a hack, even altruistic-seeming data breaches may obscure another agenda).
What Kind of Digital Data is Available to Cybercriminals?
Cybercriminals use digital data for monetary, political or other personal gain. In terms of your personal data, this includes such things as: your social security number from hospital records as a means of obtaining tax refunds; illegally obtained photos to sell as pornography; personal data used by cyber-stalkers and cyberbullies; even your personal work login and password may be used to obtain access to your work information.
On a global scale, cybercriminals may seek to upset the balance of power between nations for personal gain. Russian President Vladimir Putin claimed the United States leaked the Panama Papers, while the Washington Post recently posted an article entitled, “The Not-Completely-Crazy Theory that Russia Leaked the Panama Papers.”
Cybercriminals also target large corporations, where large quantities of client data can be sold to the highest bidder. Cybercrime continues to grow: an estimated 1.5 million cyber attacks occur annually, or about 170 attacks every hour. Even traditional gangs have jumped into the cybercrime market.
The Future of Cyber Security – Protecting Yourself & Your Online Assets
The United States Government has announced a $19 billion plan for cybersecurity. Vowing to establish a committee of internal and external experts to advise on the subject, the White House statement says it will follow expert recommendations over the next decade. Considering that ten years ago you likely did not know what a smartphone was, operating at the speed of government committees may not be the best security protection for you and your business. The as-yet-unaddressed causes of cyber-vulnerabilities put your personal information and business operations at risk. At a minimum, take these steps to protect your digital assets:
- Train your employees on password protection. Require regular changing of passwords (at least quarterly). If you don’t already have a policy in place governing the creation, use and sharing of passwords for your organization, establish one. Passwords should never be shared between employees, and employees need to be trained on creating a “complicated” password. Ideally, implement an additional layer of security. Fingerprint locks on computers (combined with passwords), single-use codes, and other devices can be used for sensitive data. Even the IRS has now established a way for taxpayers to have a PIN beyond a social security number.
- Train your employees on recognizing fraud. Fraudulent emails are still a major source of cybercrime. Cybercriminals obtain organization-wide data from just one employee falling for a false email request. Incredulous? A recent scandal at data storage giant Seagate Technology involved an employee falling for exactly such a scam. A falsified email may even appear to be from the CEO of an organization. Train employees on best practices for recognizing malicious links and using secure networks. Include in your policy what work can be done on personal devices (such as smartphones and tablets), and what work must be done on workplace computers protected by a strong firewall and good antivirus software.
- Do not store data beyond what you need. If your business must obtain potentially personal data, such as social security numbers and credit card information, do not store such information to “have on file.” Even if customers would like to store such data with you, you do not want the liability.
- Do not put sensitive information in writing. These days it seems that everyone from Hillary Clinton to The Sony Corporation is making headlines for email leak scandals. With emails increasingly casual in tone and the accessibility of communication by text, personal thoughts and communications may find themselves in writing. Exercise your Fifth Amendment right: don’t say anything that could potentially incriminate you or your business. A casual insult, side comment, inappropriate joke or any similar communication, taken in the context of the intended audience, may not offend; however, written data should be considered permanent and available to a broad audience.
Web services companies now often employ specialists in data security. The need continues to grow, with government educational aid available to those pursuing such careers. Consider additional training in cybersecurity for your IT professionals, or hiring data security specialists.
For your personal documents, consider going “vintage”: store sensitive documents in a safety deposit box. You may soon find corporations and government agencies joining you in this as well.