Last night, the famous CBS Television program 60-Minutes highlighted a case of an American company which, yet again, fell victim to the concerted Intellectual Property theft perpetrated by the Chinese Government, according to the program. It is not the first report of such activity by an international competitor, nor will it be the last. It is completely obvious that digital information stolen from an established company in the United States is worth its weight in BitCoins to ANYBODY. As it is sad and apparent that the Chinese legal system allows for virtually NO recourse in these matters, it is time for the Management Teams of America to WAKE UP!
Please follow this simple “Christoph List” of action items to ensure your viability:
Make sure all Servers and Workstations have automatically updated Anti-Virus and Anti-Malware software installed, and spend the $20 per workstation per year.
Set up ALL users, even CFOs and especially CPAs, as a STANDARD user, not an Administrator. This will prompt them for Administrator credentials every time they install software. Just because they are a principal entity in your organization does not mean that they know ANYTHING about IT and Malware.
Do not listen to the whining of the users; make your passwords longer and more complex. The most effective passwords are a combination of everyday words that a user can still remember (e.g. jumpmorningstart). Making the system easily accessible for the user is NOT your primary concern.
Follow the guidelines of major Software Companies and change your passwords frequently to avoid exposure.
Depending on your organization’s size and diversity, limit the websites that your Users can visit from a central location, to those relevant to your Industry and your Business. If the user truly has some urgent personal business, they can always use their Smartphone.
Invest in a Corporate-Level Router between your ISP connection and your actual network. This device would allow you to provide additional network-wide security.
Monitor your key-employee corporate e-mail regularly by actually reading it. Knowing that you have access to that information is not sufficient. Nobody expects to have privacy when communicating on their corporate e-mail system.
Hire an IT Resource that is competent and knowledgeable. They are the guardians of your Information, and their Knowledge and Background should reflect their Responsibilities.
Although these steps appear simple and very basic, with them in place an intrusion into your network would become much more difficult. The CBS News 60-Minutes program mentioned specific intrusion techniques that would have been addressed by the steps above. Specifically:
One of the key-employees was making arrangements to sell corporate information and access through the corporate e-mail system.
An e-mail addressed to the Board and Management Team was tagged with Malware. An e-mail Sender address is the easiest thing in the world to fake.
Keep your Intellectual Property safe and secure!!!