Sony Hack Attack Shows How Vulnerable Your Own Site May Be

The Interview
12/26/2014

News of the nefarious cyber attack on Sony Pictures spread across the country like another Pearl Harbor. Ok, like Pearl Harbor, the movie with Ben Affleck, a rather big dud. I mean, really, do you know where you were when you heard Sony was hacked? Yeah, neither do I. Sony execs probably know, but I doubt if any of the rest of us greeted the news with horror.

The cyber attack, however, has turned into great fodder for TV comics, breathless news commentators, and script writers rushing to get a draft of this new ripped-from-the-headlines, revenge-by-Internet tale in the hands of studio execs first. The common prediction is the story of the attack will make a better movie than the one the hackers got pulled.

Regardless, the incredibly effective and damaging attack on Sony, the studio's decision to pull its move "The Interview" from theaters, and the strong suspicion that North Korea is behind the attacks (You think!?) has been fascinating to follow. There's also strong suspicion the North Koreans had help from Chinese cyber-warriors, though I suspect Chinese leaders may be miffed that their expert hackers were used for such a public and stupid target. The repercussions in international politics this spectacular hack will have are still unclear.

It should also serve as a warning for any business that security remains a key issue for websites, email programs, mobile phones and any computer network that connects to the Internet. If a company like Sony Pictures can be so thoroughly and destructively hacked, how can you be sure your business computers are safe?

The fact is, you can't. Most likely, North Korean cyber warriors aren't going to target the computer system of a small business in a Midwestern town, but a computer virus once let loose can spread. A virus doesn't care what size business you run. It also doesn't take state-sponsored hackers to break into your system. Home grown hackers who may have a gripe with your company, or just want to break into your system for the fun of it, are also serious threats. No matter what the size of your company, your computer system is vulnerable.

But you can make it more difficult for the hackers, and less damaging for your business, if you make some common sense decisions to protect your network.

Treat Your Email as Public

Sure, your email is not supposed to be public. But once you send an email, you have no control over how it's resent. Emails are like zombies. Even when you think they're long dead and gone, they can resurrect at the most inopportune times in the most unlikely of places.

There's a common rule that security experts urge you to follow to protect yourself: Don't send an email that you wouldn't want to see appear on the front page of The New York Times, or worse, on your daughter's Facebook page. Whether you're sending a confidential memo or just spouting off about a customer, think twice before sending it.

Email accounts are notoriously vulnerable. There is no security upgrade that prevents a trusting person to open an attachment from an unknown source, or from a sender posing as someone the person knows. That attachment could allow a hacker to download sent emails and addresses from your contact list. It could also give the hacker access to company records and sensitive information.

Email is perhaps the weakest link in your network because it depends on humans to not act foolishly. Good luck with that, right? Nevertheless, create a policy and make sure your employees are aware of it and what it says about how to treat email, not to download attachments from unknown sources, and don't share or transmit passwords for email accounts or secure websites.

Install and Upgrade Security Software

Security software developers are always trying to stay on top of the latest virus and hack attacks, and hackers are always working to bypass the latest security software. It is a continual battle fought down the back alleys and hidden corners of cyberspace. The best security software is backed by developers who continually look for threats and frequently upgrade the software to meet those threats. When you receive a notice to upgrade a program to fix security issues, install the upgrade.

Install Security Updates for Browsers, Programs

Browsers are vulnerable to hacks and viruses, especially if you don't update your browsers regularly. Same is true of programs such as Flash, Adobe Reader and other helper programs that let you view interactive and special content on the Web. Software companies will make upgrades available when they learn of new vulnerabilities to their products. Don't wait to install them.

Stay Informed

You don't need to be an expert in Web security. But you should follow the news, be aware of the trends, and mostly make sure you or someone in charge of IT reviews security upgrades and user procedures regularly. Whether a hacker purposely targets you, or your company's network is just caught in the electronic spread of a virus, the threats are real. You need to be vigilant.

Ready to get started on an awesome new website?