Last weekend’s announcement that the LulzSec group of jolly hackers was breaking up was met with bemusement after one of the most mysterious, albeit entertaining, chapters of the information wars of 2011.
It’s quite clear that 2011 is unfolding as the Year of the Hack, with electronics company Sony – which now appears to be the joke of the online security world – major banks, the FBI and even Google’s Gmail service all the subject of serious online attacks.
The success of many of these attacks is a reminder to all about the importance of online security. It is our responsibility to protect our customer and staff details by taking basic precautions.
Take security seriously
Many of the business hacks appear to be the result of slack security practices, including out-of-date software and default passwords being used.
Even if you don’t have a server yourself, make sure your computers have all current updates installed and that strong passwords are in place.
Password security
A basic precaution is to have robust passwords. A combination of letters and numbers is the best.
One tactic is to use a phrase as a password and separate the letters with a character, for instance “mary$has$a$little$lamb”, although you might want to choose a more relevant phrase.
Keep in mind that strong passwords aren’t much help if an incompetent corporation leaks them onto the web, along with your banking details. So use a layered approach where critical passwords for bank accounts are different to those you might use for an online game or social media site.
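The two password points above (join a phrase with a separator, and never reuse a critical password elsewhere) can be checked with a few lines of code. The following is an added example written for this page, not code from the column or its author. The known-phrase list is a constructed stand-in for the much larger wordlists attackers actually use, and the account-to-password sample is invented; the entropy figure is only the brute-force upper bound, which is why a famous phrase is flagged separately.

```python
import math
import string
from collections import defaultdict

# Constructed stand-in for an attacker's wordlist. Real cracking lists hold
# millions of phrases; the point is that a famous phrase is on them.
KNOWN_PHRASES = {
    "mary had a little lamb",
    "the quick brown fox jumps over the lazy dog",
    "to be or not to be",
}


def build_passphrase(phrase: str, separator: str = "$") -> str:
    """Turn a phrase into a password by joining its words with a separator."""
    return separator.join(phrase.lower().split())


def charset_size(password: str) -> int:
    """Size of the union of standard character classes the password draws on."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def brute_force_bits(password: str) -> float:
    """Work factor if an attacker must try every string over the charset.

    This is an upper bound only: a password built from a well-known phrase
    falls to a dictionary attack long before this bound matters.
    """
    return len(password) * math.log2(charset_size(password))


def assess_passphrase(phrase: str, separator: str = "$") -> dict:
    """Build the password and report length, brute-force bound and whether the
    underlying phrase appears in the (constructed) known-phrase list."""
    pw = build_passphrase(phrase, separator)
    return {
        "password": pw,
        "length": len(pw),
        "brute_force_bits": round(brute_force_bits(pw), 1),
        "well_known_phrase": " ".join(phrase.lower().split()) in KNOWN_PHRASES,
    }


def find_reused_passwords(accounts: dict) -> dict:
    """Map each password shared by more than one account to those accounts.

    `accounts` maps an account label (bank, game, social) to its password, so
    a bank password that also unlocks a game site shows up immediately.
    """
    by_password = defaultdict(list)
    for account, password in accounts.items():
        by_password[password].append(account)
    return {pw: accts for pw, accts in by_password.items() if len(accts) > 1}


if __name__ == "__main__":
    print(assess_passphrase("mary had a little lamb"))
    print(assess_passphrase("our first office was above the bakery"))
    # Constructed sample: the bank login shares its password with a game site.
    sample = {"bank": "Tr0ub4dor", "online-game": "Tr0ub4dor", "social": "s3parate!"}
    print(find_reused_passwords(sample))
```

Both the nursery rhyme and the obscure phrase score well over 100 bits on the brute-force bound, which is exactly why that number alone is misleading: the first is flagged as a known phrase and should be treated as weak regardless.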
Restrict access
The real risk to our security lies with our own staff. Many “hacks” are actually employees erasing or giving away data, whether deliberately or accidentally.
Don’t give passwords or access to people who don’t need them; keep the business accounts away from your sales staff and lock employment records away from the IT folk. Private client information shouldn’t be shared around the office, and particularly not with outside parties.
Backup, backup, backup
The Distribute.IT debacle, which resulted in a complete loss of hardware, client data and backups, shows how important it is to keep your own backups.
As we move our businesses to online and cloud-based services, we have to put a lot of trust in those who provide such products. It’s good insurance to have easily available copies of mission-critical data in case of a problem.
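A copy of your data is only insurance if you can prove it is complete and intact when you need it. The following added example, written for this page rather than taken from the column, records a SHA-256 manifest when the backup is taken and later checks the copy against it, reporting files that are missing or silently corrupted. The directory contents and the simulated damage are constructed for the demonstration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Relative path -> SHA-256 for every file under root, taken at backup time."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(backup_root: Path, manifest: dict) -> dict:
    """Compare a backup copy against the manifest recorded when it was made."""
    result = {"ok": [], "changed": [], "missing": []}
    for rel, digest in manifest.items():
        p = backup_root / rel
        if not p.exists():
            result["missing"].append(rel)
        elif sha256_file(p) != digest:
            result["changed"].append(rel)
        else:
            result["ok"].append(rel)
    return result


def demo() -> dict:
    """Constructed scenario: back up a small data directory to a second location,
    then simulate corruption of one file and loss of another in the copy."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        backup = Path(tmp) / "backup"
        (live / "clients").mkdir(parents=True)
        (live / "clients" / "list.csv").write_text("id,name\n1,Example Pty Ltd\n")
        (live / "invoices.txt").write_text("INV-001 paid\n")
        (live / "notes.txt").write_text("renew domain in July\n")

        manifest = build_manifest(live)  # record hashes as the backup is taken
        shutil.copytree(live, backup)    # the copy you keep yourself

        # Damage the copy: one file corrupted on the medium, one file lost.
        (backup / "invoices.txt").write_bytes(b"INV-001 pa\x00d\n")
        (backup / "notes.txt").unlink()

        return verify_backup(backup, manifest)


if __name__ == "__main__":
    print(demo())
```

Keep the manifest with the backup but also somewhere independent of it; a manifest stored only alongside the copy it describes disappears with the same hardware failure.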
Invest in technology
We’ve all heard CEOs and ministers claim they will save millions by outsourcing their IT departments. Those savings come from somewhere and information security is one of those corners cut when reducing operating costs.
Experienced tech workers have plenty of examples where management cries of “We’ve been hacked” have actually been hardware failures or staff mistakes brought on by poorly trained staff working with inadequate equipment.
Sony appears to have fallen for this, having reportedly sacked many of its security specialists before the hacks began.
Make sure you are making sensible investments in your technology and not going for the cheapest, or free, option simply to save a few pennies.
Obey standards
Nothing is more embarrassing than losing clients’ confidential data, such as banking details.
If you are taking customer payments, make sure you are complying with the PCI DSS standard for card payments by giving the work to a reputable payment gateway.
Have a contingency plan
“There but for the grace of God” is a good phrase to keep in mind when you see another business affected by a hacker, hardware failure or any of the millions of other unfortunate things that could bring your business to a halt.
Even with the best planning in the world, sometimes dumb luck just doesn’t go your way. You need to have a fall-back plan to keep your business running if the unexpected happens.
Be honest
One thing that jumps out in a number of stories is how some organisations are simply not honest with their customers.
The process starts with misrepresenting how they secure and protect customer data. When an outage hits, they hide behind a call centre and often lie, or at least understate, the effects of the problem.
In an age of social media, blogs and user forums, trying to spin your way out of trouble is not the answer. If customers are going to trust you, they need to have confidence you won’t mislead them.
As consumers, the various data breaches we’ve seen so far this year should make us pause before we give valuable personal data to businesses. It’s quite clear that some don’t deserve our trust.
As businesses, we need to show we are worthy of our customers’ trust. The first step is taking their privacy seriously.
LulzSec, Anonymous and all the other hackers, anarchists and general troublemakers on the web are reminding us that we need to take our online responsibilities seriously.
Make sure you’re protecting your own business and your customers’ data.
Paul’s latest book, e-Business: Seven steps for online success, is available through John Wiley & Sons and all good bookshops from 1 July.