When you think of data breaches and hacks, you are likely thinking of massive exploits affecting hundreds of thousands or millions of accounts. You probably think of places like Home Depot and Target. You probably don’t think of small businesses. You probably think that all hackers are masterful software engineers, pioneering viruses and programs designed to take your network down. Don’t get me wrong, some of them are. But recently a Romanian hacker admitted to compromising nearly 100 e-mail and social media accounts of the United States government. He’s not a hacker in the traditional sense of the word, far from it. According to CIO.com, he has no coding skills at all and was not exploiting software gaps missed by antivirus programs. The confession of Marcel Lazar confirms what many of us in the technology consulting business have known all along: when it comes to disaster, your people are your biggest liability.
What did he do?
Over the course of two years, Lazar hacked the e-mail and social media accounts of nearly 100 Americans to obtain their personal details and information. His biggest targets were former presidents and other members of the government, and he released photos, documents and information stolen from their e-mail accounts.
How did he do it?
Lazar admitted in an interview with pando.com that he gained access to personal accounts by merely guessing passwords and answers to security questions, starting with the names of the schools his targets attended. Using nothing but creative thinking, Lazar gained extremely confidential details about the actions of figures like Colin Powell and Hillary Clinton.
What’s the lesson here?
Many like to think that network infiltrations are going to come from hackers who have created a masterful new-age virus, or that their network is going to be taken down by a major storm. The confession from this hacker (with no development experience whatsoever) proves that it is easier than one would think to identify passwords and other secure information from user accounts.
How can we save our personal and business accounts?
We can’t stress enough the importance of training your employees, your managers and your executives in password security. Our information is increasingly available online, and it’s up to us to do our due diligence to ensure that our accounts are secure. This means updating security question answers, choosing the most secure passwords and electing to use two-factor authentication whenever possible.
Take a moment to establish clear policies for security and do what you can to ensure that your employees are selecting appropriate passwords and doing their due diligence to help avoid infiltration by hackers. Add a level of security to that by establishing managed antivirus, updating software on firewalls and routers, and using best practices for backup, business continuity and data security. People make mistakes, but by implementing multiple lines of defense, you can better protect your organization from hackers.
This article was written by David Spire from Business2Community and was legally licensed through the NewsCred publisher network.