Compromising Remote Access: A Live Hacking Demonstration – Live from the 2015 Compliance & Ethics Institute

By Stephanie Gallagher, JD
stephanie.gallagher@corporatecompliance.org

Presenter: Gary Glover, Director of Security Assessment, SecurityMetrics

With data breaches making headlines over and over again, data security has become, and will remain, a hot topic in compliance. At the 2015 Compliance & Ethics Institute, I had the opportunity to attend a session presented by Gary Glover, Director of Security Assessment at SecurityMetrics. The session involved a live hacking demonstration – How cool!

Personally, my coding skills are elementary at best, so getting to see how hackers actually access information is incredibly interesting. Through the hacking demonstration, it was shocking to see how easy it can be to hack into another computer. Although it was a fictitious business (we weren’t exposing anyone’s protected information), the demonstration hacked into the computer using remote access in a matter of minutes. Once inside of the computer, it was incredible to see how much important information may be exposed. Hackers can even access a computer remotely to install malware.

One of the most interesting things that I got out of the session is that you don’t have to be a master-coder to hack into a system. There are pre-made tools out there that, when used together, can break into a system. This information really drove home the importance of having a data security program in place, and making sure that passwords are secure.

Here are a few things to keep in mind when addressing security concerns within an organization:

  • Change default usernames (don’t use common names like “admin” or “guest”); make each one a personal username.
  • Consider using 2-factor authentication for remote access.
  • Don’t give employees access to all data; decide internally what information is necessary for each role within the organization.
  • Use a passphrase. Don’t make it easy, like a pet’s or child’s name.
  • Start using vulnerability scanning to automate regular tests on software, hardware, and network structures.

Having the opportunity to see a live hacking demonstration was something that was very eye-opening in terms of how vulnerable data can be. Keeping up with data security standards and compliance will clearly continue to be a hot topic to watch.

Don’t forget to submit your 400 word article about your experience at the CEI to Liz.Hergert@corporatecompliance.org by October 14th to be featured in the special edition of Compliance & Ethics Professional!
