Foxit have recently announced a data breach. See HERE.
In line with the GDPR, the breach has been reported, hopefully within the regulation's 72-hour window for notifying the supervisory authority. That is a big step forward in transparency and security. Before the GDPR, companies might not reveal a data breach until weeks or months later, leaving the exposed account details open to further abuse; arguably, the reputation of those companies was put before the security of their clients' data.
However, this does raise serious questions about the security of the "Cloud", a term bounced around by so many people to describe so many different things. For the record, my layperson's definition of the Cloud is "someone else's computer kit, controlled and managed by someone else, somewhere else, but not at your place" (unless you run your own private Cloud). Cloud security is therefore paramount: because Cloud providers hold so much of our personal information, the reward for breaking in is large, and attackers' efforts to force their way in, usually for criminal purposes, increase accordingly. This data is valuable and sellable, and law enforcement is struggling to keep up with the attackers, let alone stop them or bring them down.
What can you do?
There is much we can do to minimise the risk, and, dare I say it, to let the hackers take data from those who don't take these risks seriously instead. It is the same principle as crime and theft prevention generally: make your place harder to break into than the next one, and thieves go elsewhere.
Education: teach your IT users how to handle personal and business data safely and securely, make them aware of the GDPR rules and regulations, and bring your data security policies up to date.
Enforce robust, unique and complex passwords for ALL accounts. Many of these data breaches would be relatively inconsequential if people used a different password for every account. Users have a habit of reusing the same password across many accounts, so once a password leaks from one service, attackers test it against other services (credential stuffing) and profit from whichever accounts it opens.
Use a centralised, hierarchically managed password management tool, with users, groups and so on.
Ensure a robust Bring Your Own Device (BYOD) policy, if you must allow BYOD at all. We would advocate that organisations own the IT kit their staff use; this gives far better security and lockdown capabilities and ensures that personal digital activity does not compromise business interests.
Revisit and review security policies regularly.
Test your IT security: IT security companies and Managed Services Providers offer a whole host of security testing to reveal weaknesses before an attacker does.
Use a competent Managed Services Provider (MSP) who can advise you and assist in ensuring your risks are minimised.
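To make the password point above concrete, here is an added example (my own illustration, not code from the original post or from Foxit) covering three things a practitioner would actually build: a password check that rejects short or already-breached passwords using a k-anonymity style SHA-1 prefix lookup, a replay of credentials leaked from one service against a second service to show exactly how password reuse turns someone else's breach into your breach, and a simple log check that spots that replay from the defending side. All credentials, the breach corpus and the log lines are constructed for the demonstration and do not come from any real leak or product.

```python
import hashlib
import secrets
from collections import defaultdict

# Constructed breach corpus (hypothetical strings, not taken from any real leak).
# Held as upper-case SHA-1 hex digests, the format Pwned Passwords-style lists
# use, so plaintexts never need to be kept around.
BREACHED_PASSWORDS = ["Password123", "letmein", "qwerty2019", "Summer2019!"]
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest().upper()
                 for p in BREACHED_PASSWORDS}


def in_breach_corpus(password, corpus=BREACHED_SHA1):
    """k-anonymity style lookup: only the first 5 hex characters of the SHA-1
    select candidates (the part a client would send to a remote range API);
    the remaining suffix is compared locally."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    candidates = {h[5:] for h in corpus if h.startswith(prefix)}
    return suffix in candidates


def password_policy_errors(password, corpus=BREACHED_SHA1):
    """Reasons a candidate password is unacceptable (empty list = accepted)."""
    errors = []
    if len(password) < 12:
        errors.append("too short (minimum 12 characters)")
    if in_breach_corpus(password, corpus):
        errors.append("appears in a known breach corpus")
    return errors


def make_user_store(accounts):
    """A service's credential store: per-user random salt plus PBKDF2-HMAC-SHA256
    (iteration count kept low only so the demo runs quickly)."""
    store = {}
    for user, pw in accounts.items():
        salt = secrets.token_bytes(16)
        store[user] = (salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 10_000))
    return store


def verify_login(store, user, password):
    rec = store.get(user)
    if rec is None:
        return False
    salt, digest = rec
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)
    return secrets.compare_digest(attempt, digest)


# Constructed data: plaintext credentials leaked from "service A" ...
LEAKED_FROM_A = {
    "alice": "Summer2019!",
    "bob": "correct horse battery staple",
    "carol": "Password123",
}
# ... and the same people's accounts on an unrelated "service B".
# alice and carol reused their service A password; bob did not.
SERVICE_B = make_user_store({
    "alice": "Summer2019!",
    "bob": "b0b-unique-pass-for-service-B",
    "carol": "Password123",
})


def credential_stuffing(leaked, target_store):
    """Replay every leaked (user, password) pair against the target service and
    return the users whose reused password grants access."""
    return sorted(u for u, pw in leaked.items() if verify_login(target_store, u, pw))


# Constructed auth log lines (a made-up format, not from any real product).
AUTH_LOG = [
    "2019-05-30T10:00:01 ip=203.0.113.9 user=alice result=ok",
    "2019-05-30T10:00:02 ip=203.0.113.9 user=bob result=fail",
    "2019-05-30T10:00:02 ip=203.0.113.9 user=carol result=ok",
    "2019-05-30T10:00:03 ip=203.0.113.9 user=dave result=fail",
    "2019-05-30T10:00:03 ip=203.0.113.9 user=erin result=fail",
    "2019-05-30T10:00:04 ip=203.0.113.9 user=frank result=fail",
    "2019-05-30T10:05:00 ip=198.51.100.4 user=grace result=fail",
    "2019-05-30T10:05:09 ip=198.51.100.4 user=grace result=ok",
]


def stuffing_suspects(lines, threshold=5):
    """Credential stuffing walks a list of *different* usernames from one source;
    one user mistyping their own password does not. Flag any IP that tries at
    least `threshold` distinct usernames."""
    users_by_ip = defaultdict(set)
    for line in lines:
        fields = dict(f.split("=", 1) for f in line.split()[1:])
        users_by_ip[fields["ip"]].add(fields["user"])
    return sorted(ip for ip, users in users_by_ip.items() if len(users) >= threshold)


if __name__ == "__main__":
    print(password_policy_errors("Summer2019!"))        # rejected on both counts
    print(credential_stuffing(LEAKED_FROM_A, SERVICE_B))  # ['alice', 'carol']
    print(stuffing_suspects(AUTH_LOG))                   # ['203.0.113.9']
```

Note that service B did everything "right" on the storage side (random salts, a slow hash) and was still walked into by alice's and carol's reused passwords; only the unique password held. The breach-corpus check at sign-up and the distinct-usernames-per-IP check at login are the two cheap controls that address this from the service's side, and a password manager is what makes unique passwords practical for the users.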
Image source: https://indianprinterpublisher.com/publishing/cloud-computing/