In 2000, Chinese hackers began a 9-year hacking assault on telecommunication giant Nortel. The hackers used remote access and automated software to generate a large number of password guesses to eventually break the credentials of seven executive team members. The hackers successfully obtained critical reports, research and development materials, employee emails, and strategic information. Unfortunately, Nortel’s top executives neglected to secure their network, and the company eventually declared bankruptcy in 2009. As Nortel disintegrated, Chinese telecom Huawei grew, with some speculating “Huawei’s rise was at the expense of Nortel.”
Nortel’s downfall raises awareness of the devastating consequences of a cyber-attack. However, there is a growing tendency to generalize all such incidents as simply “cyber-attacks,” leaving us numb to the term rather than educated. This makes all cyber-attacks seem like nebulous boogeymen. In fact, there are many different types, and taking these threats seriously is the first step in preventing them.
Everyone must evaluate their online behavior and become hyper-vigilant about their cyber hygiene, the measures taken to ensure one’s “health” and safety online. Cyber hygiene begins now, with improving passwords, enabling two-factor authentication, installing anti-virus software, and routinely scrutinizing potential online threats (like the ones mentioned above).
Business leaders must invest time and money into their organization’s cybersecurity strategy by first training employees to maintain good cyber hygiene. Many executives and board members remain hesitant to spend millions on cybersecurity. However, cyber-criminals take $400 billion per year from companies, with much of that theft going undetected. Technological solutions are simply not enough to prevent a cyber-attack. Making employees aware of the threat is crucial.
Three things companies must do to immediately implement an adequate cyber hygiene program:
- Set tone at the top
  - Executives are responsible for setting the company culture – when they support a cybersecurity initiative, the company follows
  - A CEO who takes cyber security seriously will influence his or her employees to do the same
- Make cybersecurity a part of the office conversation
  - Discuss cybersecurity measures regularly – learn from Nortel’s mistakes and make employees aware of the dangers
  - Create a best practices document with instructions for changing passwords every 90 days, updating anti-virus software and other apps, protocols for downloading 3rd party apps on work computers, etc.
- Understand and limit access
  - Know which employees have access to workstations and keep this information up-to-date (expired accounts are targets for hackers)
  - Minimize attack exposure by limiting access to only those who need it
Personal cyber hygiene is equally important. Business and personal information are intertwined, and it is nearly impossible to untangle the spider web when a cyber-attack occurs. Many people manage their work and personal lives on the same smart device. Protecting one’s cell phone is just as important as protecting one’s work computer. It is essential to know what apps are on smart devices, what personal information they require before downloading, and what the potential risks are in having those apps. Scrutinizing emails for suspicious activity on phones and home computers is also important. Essentially, any cybersecurity strategy employed in the workplace carries into the home and impacts personal devices.
It is time to be more cautious on the internet. Technology has come a long way and the most reliable security guard for your information is you.