Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

So your company’s been hacked: How to handle the aftermath

Matt Hamblen | Aug. 26, 2016
Advice from a cyber expert

"As we move to everything being connected in an internet of things world, these devices need to be coded securely ... As hackers get better and better and we have a generation with less training in security, we have a big problem."

Cohen Wood said her advice to average workers is to make sure they are involved in some type of security education program, just to understand the cyber threats. "You have to be very cognizant that what you post on your social media about yourself or your company doesn't make it easy for somebody to piece together a pattern about your company or your kids that can later be compromised. When you get a device, like a smartphone, really look at the risks, change the default password, read the terms of service and update it when attacks come out."

For IT executives, she advised: "You have to be better than the hackers. Along with education, you have to get support from the C-level. You also have to have good cyber monitoring systems in place and procedures so that if something goes wrong your employees know what to do. Remember, a hacker just has to find one way in, while the security admin has to know all of them. If you are not keeping security logs or staff doesn't know how to escalate a response, you have a problem. "

And Cohen Wood repeats the oldest lesson from the IT playbook: "Make sure you have backup systems and have tested them. Make sure the sensitive data is segregated and not easily reachable and is 100% encrypted and in compliance with federal regulations, like HIPPA and PCI."

Generally, Cohen Wood advises companies to recognize that hackers have moved from going after faulty code to attacking humans through targeted attacks or phishing attacks. That means that anyone who touches a company network -- from the interns to the vendors -- needs to educated on all the threats.

Workers need to be segregated so that those who don't need to know certain things should not get administrative privileges, she added. A recent survey by the Ponemon Institute found that 62% of 1,371 end users said they had access to company data that they probably shouldn't see.

"The security situation is not hopeless, but we do have to get better," she said. "We need to work together and educate. An executive can't say, 'It's not my problem, that's IT's problem.' "

Cohen Wood conceded, however, that the emergence of quantum computers means that hackers will indeed be able to break tough encryption in coming years.

While Cohen Wood advises using encryption today, she said it might be rendered ineffective in a decade when powerful quantum computers will be put to use.

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.