Don’t worry: we are not about to get political. Even if you are in the crowd who stopped following half of your Facebook friends when they got “too political” (or if you are in the crowd that does not use Facebook at all), you still might want to know a few things about the possible Russian hack on the US presidential election. Half of Washington is lawyering up in preparation for a possible investigation into the scandal.
We are more concerned about what it means for cyber security, including the future cyber security of your own organization, than we are about political affiliation. Here are some of the key lessons learned, warnings gleaned, and data that shed light on what might have happened in that Russian election hack, and what it means going forward.
Data from both the Department of Homeland Security and the National Security Administration says that Russia intended to interfere with the US election. Protection efforts were centered around maintaining voter identity and ballot security, stemming from the fear that Russia would hack voting machines or create fake identities and vote. Both of those things could have altered the election and may have been attempted, but they are not what happened.
Instead, data suggests that Russia would rather undermine democracy in the United States itself. Officials in Russia deny it, but the code says otherwise: it is in Cyrillic (the Russian alphabet), in the right time zones to be from western Russia, and probably state-sponsored, according to US officials. So, it is a bit of a game of “he-said/she-said,” but it is likely that Russia has been attempting to mess with elections in western nations.
Phishing Reels Them in
Based on the evidence to date, it appears that Russia was not able to successfully hack the voting systems or ballots themselves. Unfortunately, the hacks of both the Democratic National Conference and Hillary Clinton’s campaign seem to have been the result of phishing schemes. That is right: someone clicked on a fake link.
It’s one of those things that cyber security professionals constantly warn you about. Cyber attacks frequently come in the form of a phishing scam. The email will pretend to be from a legitimate site and have you enter your password, or it will seem to be from a friend or associate, with an attachment to open or a link to click. Do not click the link. Do not open the attachment. Train everyone you know to follow the same guidelines. The data breach that undermined the election, and likely cost Hillary Clinton the office, was a simple phishing email spoofing Gmail.
Shore up the Levees
So how do you ensure that you and your associates do not make simple email mistakes that cost you your business or cause your downfall?
Fortunately, the solutions are simple:
- Do not click on anything suspicious
- Make “suspicious” your default position
- Use complicated passwords
- Do not repeat passwords between sites
- Enable 2-factor authentication
- Train everyone who works with you on all of these solutions
Trust the Experts
In this digital era, we cannot actually leave all of technology up to IT professionals. If you are willing to use the internet and/or carry a smartphone, you have agreed to the terms of the cyberverse, and that includes applying those basic solutions for cyber security.
When it comes to managing more complex requirements, protecting your organization from infiltration, and staying ahead of the game with industry-specific insight…well, then you can put your trust in the experts.
Fortunately, we have seen it all before, and we can help identify the potential threats to your business and mitigate cyber security risks.