The former chief security officer of Uber has been charged with attempting to conceal a 2016 data breach that exposed the information of more than 50 million users to hackers. A complaint filed in San Francisco alleges that Joe Sullivan “engaged in a scheme to withhold and conceal” the breach, and the volume of data exposed, from the US FTC.
It is alleged that Uber arranged to pay $100,000 to the hackers in exchange for signing an NDA about the hack. Uber did not disclose details of the breach or the alleged payment until near the end of 2017. Sullivan is currently working as the CSO of the Internet infrastructure company Cloudflare.
This shows that hacking and data breaches can have extended and far-reaching consequences. So what are the best ways to protect your organisation from cybercriminals?
Invest in decent-quality anti-virus and firewall software. Make sure that it is switched on and that it is configured on all devices to update automatically when patches are released. Out-of-date software can potentially provide cybercriminals with a ‘way in’.
Encrypt all important data and back up regularly to the cloud as well as to an external hard drive or USB stick. All reputable cloud backup providers will provide full encryption for files/data that are uploaded. They will also keep backups of backups in multiple locations to ensure that you are always able to access your files.
Only log in to accounts from your own devices. Using public or other people’s devices potentially makes you vulnerable to keystroke logging software, which tracks what is typed and can therefore capture your credentials.
Don’t use real answers for security questions – use made-up answers that only make sense to you. This is because it is now highly likely that hackers could find your first school or mum’s maiden name using a simple internet search – this information is often available in the public domain.
Use a password manager such as LastPass to enable you to use long, hard-to-guess, and unique passwords without having to remember them. And never keep your passwords written down.
Use multi-factor verification if it’s available. This means that there are extra layers of security that hackers need to bypass. Having a code sent to your phone or your email to enable you to log in means that only the person in possession of that device or with access to that email can access the systems.
Always lock your devices using either fingerprint recognition, a secure PIN, or a unique gesture. This makes it much harder for those who steal your devices to access private information on them.
Password protect your home Wi-Fi network, and always change the default admin password on your routers.
Don’t use public Wi-Fi. Everything you do while connected can be monitored. Instead, use a VPN to ‘cloak’ yourself and your data.
Always log out fully so that no-one can ‘jump in’ to the system and potentially pose as you.
Only visit secure websites. Check for ‘https’ in the address bar and the padlock icon. If you think a website link is suspicious, don’t click on it.
What to do if you think you’ve been hacked?
The main thing is to stay calm and focus on damage limitation.
– Inform anyone who may be affected such as colleagues, managers, personal contacts, banks, etc.
– Change your passwords on the site/application that you believe may have been hacked. Then change any others where you have used the same password/log-in details.
– If a device has been stolen/lost, look at wiping data remotely (if possible).
– Inform the authorities of any devices that have been stolen.