When Wikileaks launched in 2010, it seemed like an intense novelty. A site that let you read governmental files that were never meant to see the light of day, because someone inside the organization leaked them? To many, it felt like a plot point straight out of an action movie. But now, the service feels like part of everyday life, and people don’t seem to pay much attention to it.
The reality? Cyberwarfare is here, and news stories are coming at a high clip—each one featuring how another company or government organization has been attacked, leaving confidential documents splayed across the internet for all to see. Consider the famous Sony Pictures hack, which locked the company out of its own computers. On top of that, hundreds of gigabytes of files were stolen—a void that will prove difficult to fill.
Double-check the privacy setting for your business’s deepest secrets
It’s still unclear who attacked Sony, but it was a politically minded act of cyberwarfare on a scale no one’s experienced before. Employees were unable to work for months on end; Sony’s deepest secrets were put on display for all to see; and worse still, the company’s intellectual property—movies—were leaked years in advance of their expected release date.
Despite the prominence of the attack and the amount of damage it caused, many businesspeople still don’t realize the true nature of the threat. Cyberwarfare isn’t just inconvenient—it’s likely to hurt or destroy a smaller business that isn’t prepared.
Similar scenarios are playing out across the world, whether it’s Equifax, the French election campaign attack or the database leak of an old website like MySpace. The sheer scale of these cyber attacks is astounding, but many companies don’t have a response plan—let alone basic security protocols to prevent such issues from occurring in the first place.
Learn how to avoid the simplest cyberwarfare tactic
As an IT decision-maker (ITDM), you can follow a few steps to proactively protect your company from risks, even on a basic level. The most obvious one, outside of technical implementations, is to take your security knowledge and communicate it to your colleagues. Way too many people don’t use password managers or follow secure password practices, so that’s a great place to start—helping them understand why it’s key.
Most people still use the same password for everything, which can form a gaping hole in your security plan. With a little guidance, you can begin educating your team on best practices. From there, it’s important to continue that education—sharing what common phishing schemes look like (which is one way the Sony Pictures hack was initiated) or training employees to only plug trusted devices into their machines.
With a workforce that’s increasingly using BYOD rather than company-issued hardware, this practice is becoming even more vital. Because you might not have full control over what antivirus software is used or installed on BYOD devices, you’ll want to develop comprehensive policies and educational training sessions for all employees, then institute controls and monitoring you can fall back on if anything goes wrong, alongside secure technology solutions that will form the last line of defense.
Many of the attacks we see in modern cyberwarfare aren’t premeditated or looking to steal anything in particular; they’re simply a hacker who notices an opening and decides to explore it. That said, you and your company need to be aware that keeping the network secure, along with your data, is everyone’s job—not just the IT team’s responsibility.
It’s easy to look at the Sony Pictures hack or any others and think about how many mistakes they made, but many companies make those exact same mistakes over time. To avoid becoming the next star of Wikileaks, make a plan and start the conversation today. It’s never too soon.