The phrase “new normal” usually offers little comfort — particularly when stolen secrets are in the mix.
It’s true. Data breaches have become so commonplace that we’re nearly numb to them. But now a new report indicates, the damage might be more widespread than any of us wanted to believe.
As many as 30 percent of CEOs may have had their email credentials — including passwords and the contents of their correspondence — exposed in recent breaches.
The Report
The findings in question come from F-Secure — and they’re not terribly encouraging. The sample size was relatively small, admittedly, but it included 200 CEOs from some of the world’s most prominent companies in their respective fields. Of those 200, 30 percent were confirmed to have had some of their email passwords and other credentials “leaked” to online databases.
If you look closer, you find something remarkable: Of the technology companies represented in the sample of 200 CEOs, a nearly two-thirds (63 percent) saw their credentials stolen. That makes this new revelation something of a paradox. The more closely your company works with and depends upon secure and confidential technologies, the more likely you are to be targeted by folks who wish you harm.
That’s a problem for businesses of any size whether you’re big enough to show up in an F-Secure poll of CEOs or not. So what can you do about it? The good news is twofold — you’re not alone, and you have steps you can take to protect yourself.
How to Keep Your Company Email Secure
Email accounts are famously susceptible to hacking and false-flag operations, as driven home by the 2016 presidential election in America. Even when state secrets and bad behaviour aren’t being aired publicly, though, there’s plenty at stake. Neither your company nor anybody else’s deserves to be compromised by data thieves. Here are some steps you can take to keep your company secure.
Tip 1: Keep up With Software Updates
It is popular to complain that software updates arrive too frequently to keep up with. It is also popular to ignore the ways modern operating systems make frequent updates painless to perform.
Both of the current mainstream desktop operating systems — your team is likely to use either Windows or MacOS or both for business — give options to perform updates automatically and/or at times of your choosing, such as early in the morning before work begins. They don’t have to be an inconvenience.
Individual pieces of software require regular updates to keep you safe as well. Don’t skip or postpone these. Just as vectors of attack seem to proliferate over time, developers keep on their toes to patch vulnerabilities as they become known. Skipping a software update just once could mean leaving your trade secrets and private correspondence unprotected.
Tip 2: Improve Your Password Practices
The year might be 2017, but lots of folks still don’t take “password hygiene” seriously. The truth is, the quality of our passwords is often the weak link in an otherwise robust security regimen — but it doesn’t have to be that way.
If you rely on lots of passwords for work or company operations, invest in a password manager like 1Password, Dashlane, LastPass or KeePass. Most of these services have individual and team-based subscription offerings. Some are free to use.
Beyond that, change your passwords regularly and, if you can manage it, choose something unique but also simple enough to remember. An emerging consensus is to choose meaningful but apparently random words and string them together into a password. This makes it easy to remember and type in, but unintuitive for a would-be hacker to guess.
Tip 3: Use Encrypted Email or Nothing at All
You likely wouldn’t enter your Social Security or credit card number on a website without the telltale “https” or padlock icon beside the URL. Similarly, shifting away from unencrypted email is a common-sense step you can take to avoid unnecessary risk to your correspondence.
Encryption can happen at the server level either as part of your provider’s basic services or as a third-party software solution. To put it another way, encryption is available to you no matter your budget. If you rely on all-in-one webmail solutions, make sure the service you use is encrypted as a matter of course and uses two-factor authentication. Some trustworthy choices include ProtonMail, Hushmail, Tutanota, NeoMailbox and more.
Tip 4: Keep Your Employees Educated on Security Measures
A lot of what we’ve talked about here today sounds like something that starts with management and trickles on down, but the truth is that a great deal of security depends on the smallest of human actions to get right. That means making sure your employees always have a practical working knowledge — and an up-to-date one — about the current security landscape and how it should inform their conduct at work.
If your company allows employees to conduct business on personal mobile devices, for example, that’s great. Just make sure you provide security measures for those employees, as this is a common avenue of attack for data thieves and hackers.
Another example? You might be surprised about how many employees click suspicious links in emails from senders they don’t recognise. This kind of “blended attack” accounts for about 42 percent of email-based phishing attempts. This is just about as basic as you can get when it comes to email security best practices, but it’s also something that gets neglected without regular reinforcement. Emails themselves don’t always contain the malicious code or program — but clicking a mysterious link might take you to a download page.
Ensure Everyone Is in the Security Loop
Consider assembling some company resources on this topic. Keep them available in a central company directory, so anyone can refresh their memory when they need to. Make security a regular part of training for new hires. As new tools and practices become available, help your teams organise team get-togethers to make sure everybody knows how to use them.
Like it or not, keeping our private information private has become a full-time job. Happily, it doesn’t have to be a difficult one, too. By seeking out more robust technologies and making simple changes to your company’s everyday practices, you can keep your organisation from becoming a statistic.
The post New Report: 30% of CEO Emails Exposed in Breaches appeared first on IT SECURITY GURU.