“They” Hacked The State Department. Are You Next?

The State Department’s unclassified email system became the latest victim of a cyberattack last week, right around the same time as White House systems were breached. The State Department breach follows intrusions also detected at the White House, the Office of Personnel Management, the U.S. Postal Service, and the National Oceanic and Atmospheric Administration, all in the past few months. This raises the question, “How safe are the systems and procedures we use every day?” Surely, if these hackers can breach the systems in place at these large federal agencies, they can get into your company’s systems and mechanisms, right? If that’s the case, is there anything any of us can really do?

The answers to these questions may surprise you. Truthfully, it’s not overly difficult to design and build systems and processes to protect your company’s systems and infrastructure. It’s actually relatively affordable and not as complex as you might expect. The problem usually lies in the humans that inhabit all of our buildings every day. In the same way that you could build an impenetrable fortress – yet leave the gate unlocked, allowing enemies to access your vulnerable interior – humans unknowingly leave gates unlocked on a daily basis, creating opportunities for potential breaches.

Think about it like this: every e-mail, facility entrance, digital download, and laptop or client could be a potential entry point for a cyberattacker. Now consider that just about every single employee inside your organization is a gatekeeper for one or all of these items. It’s pretty easy to imagine the risk this creates. A simple slip-up in security procedure, such as an unlocked door, opening a spam e-mail, or downloading a hidden virus, could potentially expose your entire company. However, with the right systems in place and proper training for all employees, this risk can be reduced exponentially.

So how does an organization properly establish that they have the right procedures and systems in place, and most importantly, how do they properly and effectively train all of their employees? Step one usually includes a meeting with your IT staff to determine their understanding and knowledge of current system setup and information security. They can usually help you determine how prepared, or unprepared, your organization’s current plans are. Once these parameters are established, it only makes sense that you would test these protocols. It’s at this point that organizations should consider conducting a penetration test – a specific information security test that attempts to simulate a system breach to determine overall effectiveness. There are many different types of penetration tests, and depending on your company’s primary enterprise you may need only one type, or a combination of several. These tests should include analytics, reports, and training for employees upon completion. This information is vital to the improvement of your organization’s information security.

Ultimately, it’s vitally important that your organization have these tests performed by true professionals and experts who have a proven track record of performing this kind of work. Experts are scarce in this industry, so be wary of individual providers performing the work with little background.

The reason we continue to see large entities like the State Department and Apple experience troubles in this area is simply the large volume of risk points each organization possesses. Through proper testing and training, your organization can effectively reduce your risk to this sort of attack, and stay out of the media for all of the right reasons.

For more information about penetration testing, security training, and IT services relating to information assurance, use our contact form below.

Tips To Avoid Being Hacked At Work – #3

This is the third week that we are publishing ways to avoid being hacked at work. Again, we hope that even if you and your organization are fully aware of these tactics, we will be able to further heighten the awareness so your organization will be ready when these attacks occur.

#2 Always double-check IT directions. In the fast-paced world we live in, many IT problems and issues are solved remotely or over the phone. If you ever receive a call or instruction from someone claiming to be in “IT”, always get some form of confirmation before proceeding with their direction. A common trick for hackers is to call employees and request remote access to their client or laptop. They may also try to gather privileged system information. Prior to handing out any information, always ask them to directly confirm their credentials, or feel free to double-check with a superior or management to confirm their authenticity. It would not be considered rude or uncommon for you to suggest to the person on the phone that you will call them back once you have confirmed the instructions.

The idea of penetration testing seems to be something that has grown at light speed over the past few years as well-known names like Target, Zappos, and Apple have come under intense attention for their public security breaches. Information security is a growing field, and resources in this area are scarce. Nevertheless, there is a need in the marketplace for this type of security like never before. PenTestPros.com has been told over and over again that experts in this area are hard to find, and even harder to employ. The basis of PenTestPros is that we solve this challenge by offering direct services, at a reasonable cost. To find out more, visit our links above or utilize the contact form below.

Tips To Avoid Being Hacked At Work – #2

This is the second week that we are publishing ways to avoid being hacked at work. Again, we hope that even if you and your organization are fully aware of these, we will be able to heighten the awareness so your organization will be ready when these attacks occur.

#2 Follow all badging, physical security, and visitor protocols currently in place inside your organization. The best way to hack into an organization or to gain access to private information is to walk right in the front door. Security threats will often gain access to sensitive information by simply walking into a company headquarters, finding a conference room, and plugging in to the local intranet where information is often thinly protected. By following all physical security and visitor protocols you can assist your organization in tracking who should and shouldn’t be in your building. Also, always be aware of your physical work space and “do not” be afraid to ask questions or call someone if something or someone looks suspicious.

The idea of penetration testing seems to be something that has grown at light speed over the past few years as well-known names like Target, Zappos, and Apple have come under intense attention for their public security breaches. Information security is ever-evolving and penetration testing addresses these issues head on. We have been told over and over again that experts in this area are hard to find, and even harder to employ. The basis of PenTestPros is that we solve this challenge by offering direct services, at a reasonable cost. To find out more, visit our links above or utilize the contact form below.

Tips To Avoid Being Hacked at Work – #1

We are sending out three important “Ways To Avoid Being Hacked At Work”. We hope that even if you and your organization are fully aware of these, we will be able to heighten the awareness so your organization will be ready when these attacks occur.

#1: Always check the address in the “from” section of your e-mails. One of the most clever tricks used by external hackers is to send messages to employees that appear to be from the company’s IT department. These e-mails will often ask you to download “software updates” or other files. Simply checking and confirming that the e-mail address is legitimate could save you from this easy trick. Note: It’s always good to confirm with IT prior to downloading or updating any files that are sent via e-mail.
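The same “from” check can be automated at the mail gateway or in a reporting tool. The sketch below is an added example, not PenTestPros code: it flags messages whose display name claims to be IT while the actual sender domain is outside the organization, or whose Reply-To points somewhere else. The domain `example.com`, the keyword list, and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: your organization's mail domain
# Assumed phrases an impersonator might put in the display name.
IT_PHRASES = ("it department", "it support", "it team", "help desk", "helpdesk")

def domain_of(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rpartition("@")[2].lower()

def is_internal(domain, org_domain=ORG_DOMAIN):
    """True for the organization's domain or one of its subdomains."""
    return domain == org_domain or domain.endswith("." + org_domain)

def check_from(raw_message, org_domain=ORG_DOMAIN):
    """Return (sender_domain, findings) for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(addr)
    findings = []
    # The display name is free text; only the address shows the real sender domain.
    claims_it = any(p in display.lower() for p in IT_PHRASES)
    if claims_it and not is_internal(sender_domain, org_domain):
        findings.append("display name claims IT, sender domain is external")
    # Replies routed to a different domain than the visible sender.
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_addr and domain_of(reply_addr) != sender_domain:
        findings.append("Reply-To domain differs from From domain")
    return sender_domain, findings

# Constructed sample messages (not real traffic).
SAMPLES = {
    "legit": "From: IT Help Desk <helpdesk@example.com>\n"
             "Subject: Maintenance window\n\nDetails inside.",
    "spoof": 'From: "IT Department" <updates@examp1e-support.test>\n'
             "Reply-To: it@mail-collect.test\n"
             "Subject: Required software update\n\nDownload attached.",
    "vendor": "From: Newsletter <news@vendor.test>\n"
              "Subject: Monthly news\n\nHello.",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_from(raw))
```

A message that forges the organization’s real domain in the From header passes this check; catching that case is the job of SPF, DKIM, and DMARC verification on the receiving mail server.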

The idea of penetration testing seems to be something that has grown at light speed over the past few years as well-known names like Target, Zappos, and Apple have come under intense attention for their public security breaches. Information security is ever-evolving and penetration testing addresses these issues head on. We have been told over and over again that experts in this area are hard to find, and even harder to employ. The basis of PenTestPros is that we solve this challenge by offering direct services, at a reasonable cost. To find out more, visit our various pages above to contact us or learn more about our service offerings.

Penetration Testing In St. Louis

PenTestPros.com hosted a programmers, hackers, and tech entrepreneurs networking event at Chameleon Integrated Services headquarters on February 6th, 2014. The event was a first of its kind in St. Louis.

The event was recognized by some of St. Louis’ fastest growing start-ups and top tech publishers (Techli), and was attended by the area’s top professionals. Chameleon Integrated Services (CIS) has proven to be an industry leader in IT security in the St. Louis area.

For more information about CIS’s (PenTestPros.com) commercial IT security offerings, visit our “What We Do” page above.