September 23, 2016

What the DNC Hack Teaches Enterprises

Three tips for keeping your enterprise security system up to par.

Political candidates are used to attack ads, but what about cyber attacks? By now, we’ve all heard about the hacking of the Democratic National Committee (DNC) and Democratic Congressional Campaign Committee. In July, WikiLeaks published 20,000 emails stolen from the DNC, and cybersecurity experts are pointing at Russia as the source of the hack. Several DNC employees have resigned as a result of the scandal.

And while you may not run for office anytime soon, your enterprise probably does answer to the public—customers and stakeholders. This sort of large-scale and long-term hack raises fears among IT security professionals, whether you’re at a small local business or a multinational enterprise. Is your data security up to par?

Sean C. Higgins, CTO and co-founder of the Herjavec Group, has advised many companies about security. Enterprise Forward spoke with him to get his top pieces of advice to keep your organization from becoming a major news story.

Do Your Updates

Higgins says he sees it all the time—businesses aren’t running the recommended security patches, and some aren’t even upgrading to recent versions of their operating systems.

“One of the recent breaches I dealt with was a local hospital that was still running [Windows] XP,” he says. Older software has been around a long time, and hackers are well versed in how to exploit its vulnerabilities. Save yourself the headache by upgrading and allowing security patches to run. If you’re concerned about the stability of patches, keep a test system to try them on before pushing them out to the rest of your computers.

Of course, it’s not just the operating system that needs to be updated. Software programs can be used to access networks if users aren’t running the recommended updates. Push updates out when the network is less active, such as overnight or on the weekend, rather than depending on each user to keep his or her own software up to date.

Know What’s Important

If cost is an issue or if enterprise security protocols make it difficult for certain staff members to do their work, look at ways to segregate the most important data on the most secure servers.

For example, says Higgins, if your most important asset is CAD drawings of your next product launches, keep those in a secure area that doesn’t allow users to download them to their desktops. If it’s your customer database, strengthen the password requirements and multifactor authentication needed to get into that database.

The same goes for blocking sites. If the public relations team needs access to Facebook, for instance, allow it for them but block it for the rest of the workforce to close off that source of phishing attacks.

Train Your Staff

Sometimes, staff unwittingly allow hackers into networks by clicking on a malicious link or giving too much information to a caller. Remind them, says Higgins, “If IT is calling, they’re not calling for your password.”

Periodic training, along with tests of how vulnerable staff are to phishing scams and social engineering, can help your staff respond appropriately when faced with situations that might open your network to risk.

No enterprise security strategy can guarantee that you’ll never be hacked, but keeping your programs up to date, ensuring that the most important data and content are the most secure, and keeping your staff on their toes are critical first steps that can make a real difference.
