How A Single Contractor Caused A National Cybersecurity Incident (And What You Can Learn From It)
By Max Emelianov, CEO at HostForWeb.com
NSA data has fallen into the hands of Russian hackers, all because of a stolen laptop. The repercussions of this incident will be felt for some time - but there's a lesson in what happened here.
No matter how ironclad your cybersecurity, all it takes is one careless employee.
The National Security Agency recently learned that the hard way, according to the Wall Street Journal. An unnamed (and probably former) NSA contractor decided that they wanted to do their work from home instead of at the office. No harm there, right?
Yeah, not so much. The data downloaded by the contractor included details on both how the United States protects itself from cyberattacks and how it infiltrates foreign networks. Because that contractor was using antivirus software from Russia-based Kaspersky lab - software which has been blacklisted for use by U.S. Government Agencies - that data is now in the hands of Russian hackers.
It gets worse. This breach isn't actually a recent affair. It happened in 2015, and the NSA only discovered it in Spring of last year.
"Having such information could give the Russian government information on how to protect its own networks, making it more difficult for the NSA to conduct its work," reads the WSJ. "It could also give the Russians methods to infiltrate the networks of the U.S. and other nations."
So...this is pretty bad, in other words. But unless you work in cyberespionage, it doesn't really have anything to do with your business, right?
There's an important lesson amidst all the fear, uncertainty, and digital warfare. Chances are incredibly high that at one point or another, your business will work with a third party. A vendor, or a contractor, or a business partner of some kind.
Chances are equally high that eventually, one of those partners won't take their own cybersecurity anywhere near as seriously as you take yours.
Your security plan needs to account for that. You need a way of controlling how your sensitive files are accessed, downloaded, and utilized. You need a way of monitoring and controlling access to corporate resources.
In short, you need a means of preventing external workers from putting you at risk.
At the same time, you need to achieve all of this without impeding anyone's workflow. A security solution that hampers productivity is, after all, effectively useless. Tall order, right?
Not as much as you might think. Do a bit of research into some of the content collaboration and file sharing solutions on the market. Do a bit of reading on remote desktop solutions and PIM software.
And last but certainly not least, talk to your web or server host about how they can help you keep your data safe, secure, and under your control - even when it leaves your perimeter.
Stolen data in your case probably won't cause a national incident. But it could still harm your bottom line - end up putting intellectual property squarely in the hands of a competitor. Luckily, by taking the right steps, you can ensure that doesn't happen.
You can ensure you won't make the same mistake as the NSA.