Three corporate hacks and the lessons they can teach you
It doesn't matter the size of your business or the industry you're in, you're never immune to being hacked. Whether it's to steal client information, cause confusion or embarrass businesses, corporate hacks can have a devastating effect on a company. Take a close look at three high-profile corporate hacks and discover some important lessons to help you protect your business.
The New York Times: Train staff to recognise phishing emails
The news site suffered a sustained attack from China after publishing a story investigating the wealth of the Chinese prime minister's family. It's believed that hackers gained access to the Times system using spear phishing, where hackers send an email encouraging readers to click on a link that will then download malware to their portal. This allowed hackers access to internal systems and information.
The best way to stop attacks such as this from succeeding is to educate employees so they can recognise the signs of illegitimate emails. They need to know what to look for when opening a link in an email – for example, whether the email is from an address they trust, whether the graphics match those from legitimate sources and whether it's an email they're expecting.
Sony: Make security central to your corporate culture
The 2014 Sony hack was one of the biggest and most scandalous to ever hit the movie industry. A huge number of materials were taken and distributed, including personal emails and illegal copies of yet-to-be-released films and scripts. The sheer breadth of the attack and the fact it affected all levels of the business should be a big lesson to CEOs and senior staff.
Good security practices and exemplary company policies have to start at the top. No one is exempt from following protocol, and those in powerful positions should set security standards for the rest of the team. Promote the idea of ownership – who is responsible for securing which assets? Also ensure that every member of staff knows what can be shared through email and what needs to be kept secure.
Monster.com: React quickly and honestly to news of a hack
Recruitment site Monster.com was not only the victim of a hack in 2007, it compounded the issue for itself by taking five days to disclose the problem. During that time, malicious emails were being sent to customers via its system. This cost the company dearly in terms of customer trust, and damage could have been minimised with a timely apology and warning to users.
In this case, hackers broke in using stolen credentials (be sure to train all staff on how to select a secure password and keep it well protected) then used that access to steal phone numbers, names and addresses of customers. They used the information to target individuals with a phishing email looking for bank details. By keeping quiet while trying to discover the extent of the attack, Monster.com left customers feeling vulnerable. Make sure you have a disclosure policy in place that you can instantly activate if your company is targeted.
By planning ahead and training staff on security issues, you can remain confident that your business has the ability to weather the worst of the storm should it be hacked.