On June 4, 2015, U.S. officials announced that the biggest government hack occurred last December. Hackers working for the Chinese state were responsible for the breach of the computer system of the Office of Personnel Management (OPM). The OPM is a government agency that screens and hires federal workers and approves security clearances for 90 percent of the federal government. These stolen records are popping up for sale on the “darknet” and are being actively traded.
Don’t put your employees and clients at risk. Damages from data cybercrime are not reparable.
In the case of the OPM hack, the damage is far deeper and more problematic, as it affects the financial information of 4 million employees and anyone who has gone through the security clearance process. As a result, those affected must carefully watch their credit scores and personal finances, and stay alert for spear-phishing emails, which are designed to fool recipients into opening a link or attachment so that a hacker can gain access to computer systems. Using the stolen OPM data, for instance, a hacker can send a fake email posing as a person’s colleague from work.
Is compliance security?
Compliance does not equate to security. For example, you might have a maintenance log in place to comply with a regulation or policy. However, without active maintenance and monitoring of the logs, you would not have awareness of any potential breaches.
Here are tips on achieving compliance and security:
- Map your IT environment to be situationally aware, inside and outside of your network. Are all of your assets networked?
- Perform due diligence by ensuring that your vendors and their partners are compliant and secure.
- Share information outside of the IT department and train employees on how to spot cyberattacks to increase vigilance.
- Eliminate redundancies by inventorying your reports, flagging redundancies, and removing reports that take up space but add little value. Proper cybersecurity involves proper analysis.
- Use compliance as a guide, then grow beyond compliance into the realm of being truly secure.
- Operate in a strategic, tactical, and operational manner. Adhere to a common methodology that incorporates threat analysis and threat intelligence across systems and processes.
Don’t fall victim to having a false sense of security simply because your systems are compliant. Are you monitoring your systems and network, and do you have a strategy to combat cybercrimes?
Valeo Networks is a Managed Services Provider that can help protect your organization. Contact one of our regional IT offices, California (805) 222-4977 or Florida (321) 604-6165, or check out our website for a full list of the services we offer.