Just when many people began to believe the 2016 U.S. presidential race couldn’t become any more bizarre, The Democratic National Committee (DNC) revealed that hackers had stolen and leaked sensitive documents, including a 200-page opposition research book detailing aspects of the party’s battle plan for the coming election.
The DNC confirmed that its computer networks had been breached by hackers — not from the political opposition as might be expected — but by hackers working for the Russian government. The intruders so thoroughly compromised the DNC’s system that they also were able to read all email and chat traffic.
The DNC was quick to claim that the opposition document is virtually worthless as a source of useful inside information. It was written in 2015, was very preliminary, and focused broadly on the primaries and primary candidates.
“Our experts are confident… that Russian government hackers were… responsible for the breach. We believe… it may be a part of a disinformation campaign by the Russians,” reports a senior DNC official. “We’ve deployed the recommended technology so that today our systems are secure….”
The intrusion was one of several targeting American political organizations. Presidential candidates Hillary Clinton and Donald Trump were also targeted, as were the computers of some Republican political action committees, U.S. officials said.
Hacking today is so prevalent that the public is beginning to accept it as an unavoidable fact of life. The term and the practice have been with us since the early 1980s. Unless hacks have truly major significance — such as the mass theft of consumer credit information — they rarely have an impact on public consciousness.
There is also a developing sense of impotence. Businesses see national retail chains (Target), major motion picture companies (Sony), international banks (Bangladesh) and government agencies (U.S. State Department) routinely being hacked. The question: “If these organizations are vulnerable, what chance do I have?”
Fortunately, there are some steps you can take to minimize the risk. Here are three tips from CIO.com:
- Don’t store more customer data than you need. There’s often no reason to keep credit card numbers and other sensitive customer information. Purge customer records once that data is no longer relevant or needed for the business at hand.
- Put the right technologies in place. First and foremost, make sure you have a firewall protecting your network. Require strong passwords — even those that require two-factor authentication — to access sensitive information. Use cyber-protection software that hunts for viruses and malware on your website and as you search the web. Update the patches on your software regularly.
- Train your employees to thwart attacks. Many breaches, including the Target breach, occur because employees unintentionally hand over sensitive information to hackers presenting themselves as reputable persons in need of information, or because they click on malicious links sent via email. Supply employees with best practices — such as using strong password protection and secure networks when working remotely. Training employees on how to look for — and avoid — such breaches can protect a business from being among the next victims.
Unfortunately, the cyber warfare arms race continues to escalate. It’s reminiscent of the ongoing battle between drivers who like to speed and the highway police who want to stop them. As police improve their radar, manufacturers of radar detector equipment quickly go “one up.”
Perhaps the best way to help ensure that your system is as secure as possible is to work with cybersecurity professionals. An in-depth analysis of your network(s) can reveal weaknesses for which there are remedies. It’s our job to keep abreast of the ever-changing cybersecurity landscape for the benefit of clients.