The recent Sony PlayStation hacking episode saw millions of people, including some in South Africa, losing their personal and credit card information to a crime syndicate. To put it in perspective, if only one million of the potential 75 million victims have $25 stolen from their credit card accounts, that is a $25 million profit for the criminals without having to leave the house.
“The Sony incident yet again begs citizens to be very careful about whom they entrust with their personal information,” says Alan Rehbock, sales and marketing director at Magix Security. “The only option open to these victims now is to change all their passwords and cancel their credit cards, immediately.
“However, the real question in this case could be asked of Sony. How can a multibillion-dollar company with a good market reputation allegedly be so careless? In my opinion, Sony is simply the company that was caught out. This incident clearly demonstrates the dangers of corporations failing to use high-level information security and audit controls for sensitive data.”
Fundamentally, the security of each organisation hinges on how well IT balances convenience and openness with controls and accountability. Those organisations that work to bring IT into balance, introducing accountability through the segregation of duties and adequate auditing controls, while providing sufficient resources and incentives to provide proactive security, will always come out ahead.
Rehbock offers seven tips to companies looking to secure their data effectively without hampering productivity:
1. Be proactive when it comes to securing your IT environment. Deploy an IT risk and compliance management solution and undertake regular vulnerability assessments to help you fully understand your risk profile.
2. Provide tools to automatically track and reliably change passwords, particularly for sensitive accounts such as; administrator logins, embedded application-to-application passwords and privileged service accounts.
3. You need to know who has access to your network, therefore, put technology in place to track privileged logins, delegate access, and change these powerful credentials after each time they're used.
4. Prevent data breaches by randomising administrator passwords and providing fast, secure administrative access.
5. Protect your executives. Make sure you know who has access to the files on your executives' computers and to the data senior managers use every day. Anyone with knowledge of the right credentials can gain anonymous access to read, copy and alter data.
6. Take the initiative to regularly update your IT administrator's technical skills when it comes to security.
7. Encrypt the data on all endpoint devices. No excuses.
These tips are not new or revolutionary; they are best practices that are unfortunately not properly applied in business today. And this lack of application is why we have incidents such as the Sony drama.
Share