There are two types of companies: those that have a Cybersecure Culture and those that do not. In this day and age, when every company is a perpetual target, some mistakes make it all too easy for hackers to gain access to important information: data that could sink your company or, in this case, perhaps two companies.
Thousands of files containing the personal information and expertise of Americans with classified and up to Top Secret security clearances have been exposed by an unsecured Amazon server, potentially for most of the year.
The files have been traced back to TigerSwan, a North Carolina-based private security firm. But in a statement on Saturday, TigerSwan implicated TalentPen, a third-party vendor apparently used by the firm to process new job applicants.
TigerSwan refers to TalentPen as its “former” recruiter and goes on to say its systems were never breached, blaming the issue on its vendor.
There are a few ways to reduce the chance this situation can happen to your organization:
- Have an expert IT consulting firm or someone who knows what they are doing check your servers and systems to ensure they are secure. This needs to be done frequently. A simple penetration test or pen-test would have allowed TigerSwan and TalentPen to know their server was not secured.
- Have auditing and documentation of your systems done by someone other than your internal or current IT team. If your business is important to you, the worst thing you can do is say either of the following: “I pay my IT team a lot, so they know what they are doing.” “My IT team works for a Wall Street firm, so they know what they are doing.” A second opinion is always good to get, to be sure you are cybersecure.
- Understand that the vendors you work with can be the weak link in your cybersecurity culture. You need to ask questions of potential partners. Find out who they use to secure their systems: is it an inside person? An MSP? Are they using anomaly detection to check continuously for breaches? How often have they been hit with ransomware? Do they have a solid strategy for disaster recovery in place? Ask your vendors for the results of the above items. If they stare at you with blank faces, tell them to come back when they know what you mean and can prove they have buttoned up their business.
- Cybersecurity training is crucial to every company these days. A simple cybersecurity class would have reminded TalentPen to double-check for things like an unsecured server and other issues that could cause a problem.
In short, cybersecurity is not just technology; it is also user training and a culture, a cybersecurity culture which must permeate an organization. A determined hacker can always get in, and mistakes are made at every organization. However, if you have the right culture, your mistakes will be corrected quickly and your organization will be tougher to hack than the next guy, which is the ultimate goal.
A new breed of hacktrepreneurs has awoken, and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York City; White Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying about and more time growing your business.
To ensure your security, consider one of our most popular services — Auditing & Documentation — which pinpoints vulnerabilities in your infrastructure, process flow and internal security procedures.