The importance of ensuring maximum security for company data has been highlighted this week with the data breaches that have occurred within 2 giant companies, Uber, and Rockstar Games.
In the case of the Uber data breach the hacker tricked an employee into allowing them access to the Corporate Network.
Once inside, the attacker discovered unsecured file shares containing passwords that gave them access to almost every IT System within the business, including Amazon Web services, VMware and Slack.
The Rockstar Games hack on the other hand was an attempt to hold the company to ransom, looking to negotiate a deal for the return of unreleased data including the source code for the highly anticipated game Grand Theft Auto 6. The hacker has since leaked in game footage of GTA6.
As both of these hacks occurred in a close time span and using the same method it is suspected that they were both carried out by the same individual. The method that was used for these hacks is called Social Engineering and has been used to carry out several high-profile accounts in recent times, but these have been mostly limited to a single user’s twitter account.
Social engineering is the art of manipulating people, so they give up confidential information. A common type of social engineering that most will have experienced firsthand is phishing. Phishing attacks are usually in the form of an email prompting the user to click on a link and sign into a portal with their account details. These logins are then stored and used to access company data.
There are a number of methods Rejuvenate IT recommend to prevent these types of attacks and protect sensitive company data from any attackers.
The best method to protect from these attacks is by using Multi-Factor Authentication (MFA). MFA is a second prompt that will appear after typing in the password for your account. Common MFA setups are a SMS message to a mobile number or a 6-digit code in an authenticator app.
Another method for protecting against these attacks is by randomly generating strong passwords and storing these passwords in a password manager such as BitWarden. Randomly generating passwords will stop a user from re-using the same password. This will mean if someone did fall for a phishing attack, they would only have access to a single account and would not be able to use the same details to log into multiple services.
The final method Rejuvenate IT recommend to secure company data is by educating employees on these threats. Cybersecurity experts believe that humans are the “weakest links” when it comes to protecting company data. Teaching users to recognise these threats and how to react upon receiving them, will dramatically reduce the risk of these attacks.
Prevention is always better than recovery. If you have any concerns Rejuvenate IT will always be happy to help. Please feel free to give us a call on 01202237273.