Aside: As an American, I am astonished that any business would cave in to cyber-attackers' demands. Although Sony has made its missteps in privacy over the years, America should rally around Sony and proudly display The Interview everywhere simply for what it is--an act of comedy in a free society, free to succeed or fail. Rather than cheering from the sidelines or watching the censorship spectacle, let's demand this movie air in every theatre in the U.S. to send the message--Comedy, no matter how silly, is an expression of a free people.
Regrettably, the backdrop for Sony's hack highlights a critical error that Chief Technology Officers (CTOs) and the organizations they serve can make--to exchange network security/integrity for political expediency and short-term financial benefits.
“Sony failed to secure its computer systems, servers, and databases (“Network”), despite weaknesses that it has known about for years because Sony made a ‘business decision to accept the risk’,” the suit claimed...some of the emails released by the attackers show that the company's top lawyer as well as its IT department viewed its security setup as vulnerable to attack but the company didn't take steps to plug worrisome holes.
This is a wake-up call to all those people in suits--listen to your network engineers and internet security folks when they say to you, "We have some big holes in our network. We need to close them up."
In K-12 public schools, based on my observations, some common problems that arise include:
- A failure to create and verify that backups for critical data exist. Disaster recovery is but a part of this problem.
- Data encryption is the BIG hole in the work educators are involved in. . .
  - How many unencrypted files are on USB flash drives, stored in the cloud (e.g. Dropbox, Drive)?
  - How many unencrypted files are sent via "postcard" email, their only safeguard that no one is looking?
  - How many of your staff are saving their passwords for critical operations unencrypted in text files or in a GoogleDoc?
- Unnecessary "holes" in the firewall that allow incoming, inappropriate intrusions.
- Failure to maintain anti-virus/malware software or to invest in quality solutions.
- Failure to conduct periodic security audits--get someone outside the organization to do it--ensure nothing "creepy" has cyber-crawled into your environment.
- And, finally, have a plan ready to go in case of a breach or hack.
What would you add?
Everything posted on Miguel Guhlin's blogs/wikis is his personal opinion and does not necessarily represent the views of his employer(s) or its clients.