Today is not a good day to be an employee of the US federal government. One of the worst data breaches in history has compromised the private, sensitive information of at least four million, but potentially as many as fourteen million, current and previous government employees.
The hack targeted the Office of Personnel Management (or OPM), which essentially acts as a big human resources department for the federal government. It houses information including names, social security numbers, phone numbers, addresses, job assignments, performance reviews, training records, and more on all government employees and contractors.
The government was quick to blame China, specifically hackers in Beijing. The OPM became aware of the breach back in April, but the attack had been going on for some time before it was detected.
It’s bad. But is there anything useful that IT professionals can learn from the massive data breach?
1. Use Modern Encryption Technology
According to cyber security analysts familiar with the hack, the agency was not using even the minimum level of encryption, which in this day and age is absolutely irresponsible. Encrypting sensitive data, both at rest and during transmission, is not only standard practice, it is easy and relatively inexpensive to do. All IT workers responsible for storing and processing sensitive data need to be using encryption software.
2. Use Multifactor Authentication
Multifactor authentication makes it harder for hackers to break into a system. Passwords are easily stolen and can sometimes be guessed; multifactor authentication adds a further step that helps ensure unauthorized persons are not able to enter the systems. It is essential when working with sensitive data that is likely to be stolen, such as personal identities and corporate secrets.
3. Collect & Save Forensic Evidence of a Breach
When an IT worker or team discovers a data breach, it’s tempting to try to shut it down and erase everything as soon as possible. But this removes the forensic evidence left behind by the attack, which may be the only lead available to track down and prosecute the hackers responsible. In the case of the OPM hack, the perpetrators are likely in China and unavailable for prosecution. But with the forensic evidence in hand, you can move toward prosecuting any hackers within your country or in a nation with extradition agreements, or at least pin the blame where it rightly belongs.
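One way to act on this before any cleanup begins, shown as an added example that is not part of the original article: record a SHA-256 manifest of the collected evidence so that later loss or alteration is detectable. The function names, the `analyst-1` collector label and the sample log files are constructed for illustration.

```python
import hashlib
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so large disk or memory images do not exhaust RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(evidence_dir, collector):
    """Record the SHA-256 and size of every file under evidence_dir at collection time."""
    root = Path(evidence_dir)
    files = {
        p.relative_to(root).as_posix(): {"sha256": sha256_file(p), "size": p.stat().st_size}
        for p in sorted(root.rglob("*")) if p.is_file()
    }
    return {"collector": collector, "collected_utc": datetime.now(timezone.utc).isoformat(), "files": files}


def verify_manifest(evidence_dir, manifest):
    """Return sorted (path, problem) pairs for files missing, modified or unlisted since collection."""
    root, problems = Path(evidence_dir), []
    for rel, meta in manifest["files"].items():
        if not (root / rel).is_file():
            problems.append((rel, "missing"))
        elif sha256_file(root / rel) != meta["sha256"]:
            problems.append((rel, "modified"))
    current = build_manifest(root, manifest["collector"])["files"]
    problems += [(rel, "unlisted") for rel in current if rel not in manifest["files"]]
    return sorted(problems)


def demo():
    """Constructed sample evidence: collect, then simulate a cleanup that edits and deletes files."""
    with tempfile.TemporaryDirectory() as d:
        for name, text in [("auth.log", "constructed line 1\n"), ("proxy.log", "constructed line 2\n")]:
            Path(d, name).write_text(text)
        manifest = build_manifest(d, collector="analyst-1")
        before = verify_manifest(d, manifest)  # nothing has changed yet
        Path(d, "auth.log").write_text("edited after collection\n")
        Path(d, "proxy.log").unlink()
        return before, verify_manifest(d, manifest)
```

Store the manifest separately from the evidence itself, so that the two cannot be altered together.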
4. Don’t Collect Data You Don’t Need
Data, data everywhere. Are you collecting data on people or businesses that you don’t really need? In this age of cyber crime and cyber terrorism, having data is a risk. There’s no need to take on avoidable risk by collecting and storing unnecessary data to begin with.
To improve the security of your data storage even further, consider the power, flexibility, and security afforded by the Full Metal Cloud.