Is Our Data Safe?
By Brad Egeland | minute read
Wait…I know this one. Hang on…ummm…NO! Not even close. Well, it depends, of course, on your organisation and the level of security you've wrapped around it. But I'm convinced of two things.
- If someone wants your data, they can get it
- There's no such thing as fully protected
How do I know this? I've watched it in action. For four straight years. The annual Black Hat USA Conference in Las Vegas - which also makes official stops in Europe and Asia - was held two months ago in July and 'hackers' were once again showing off their exploits. The idea of Black Hat is to show what can be done so that corporations take note and offer fixes. And when Black Hat is over all the attendees scurry over to the official real true hacker convention - DefCon at another hotel in Las Vegas as it starts just as Black Hat is ending. Let's see, the first time I ever tweeted on Twitter about Black Hat my Twitter account was hacked. And don't say you weren't warned if you attended…this was posted at the conference and online this year (and similar warnings are posted every year).
The 7 Unwritten Rules for Black Hat Attendees
- Wireless: Stay away from all Wi-Fi and turn off your Bluetooth; hacks are happening
- Encryption: Try to encrypt any information you must send. Use a VPN; people are watching
- Don't put it down: Any device left alone is an invitation not just for theft but infection, etc
- Don't accept gifts: Someone friendly handing you a USB drive may be hoping to own your info
- Anything can be hacked: ATMs, room keys, RFID cards, anything, so, be vigilant at all times
- Try to fit in: If you're just another person wearing jeans and a T-shirt, well, that helps w/above
- Don't be a sheep: The Black Hat “Wall of Sheep” lists all those who get hacked; yes, publicly! (see bullet #1)
Ok, as an IT executive or company CEO - or even as a project manager - does that cause your stomach to turn a little? It should. It's amusing, but extremely unsettling. And it's real. And this is the conference where they are supposedly trying to help show the security flaws so you can fix things and protect yourself, your product, and/or your customers.
Our data isn't safe people…and as project managers we aren't paying enough attention to it. As IT leaders, we aren't paying enough attention to it either. Data security needs to be a concern, a hot topic, and a noted risk on every project we manage. Just today we learned that the new Apple iOS7 can be hacked on your iPhone very easily through a series of button pushing steps and a user who found your phone could then access your photos and data and start sharing all of it with everyone. Apple has been duly notified…look for a 'fix' to come very soon (you heard it here first, though).
We live in our comfortable world thinking it won't happen to us until it does. Someone hacks our Facebook account and we change the password to fix it. It's an easy fix, but we forgot to stop and say…"hey, someone just hacked me…what?!?" And as I said, I was hacked on Twitter right after tweeting about some info from the Black Hat USA 2012 Conference last year here in Las Vegas. No doubt it was a hacker attendee showing off his skills. The thing is, those are the innocent ones – no damage. But they happened and for everyone of those, there are many more that are damaging – potentially in the millions of dollars damaging. We need to be more concerned about these infringements on our privacy and security. We need to be more aware. And we need to analyse how sensitive our data is on the projects we are managing and take note of what we would do – during risk analysis – should our data security be breached. It can happen…it does happen.