Lessons SMBs Can Learn from the NSA Spying Scandal

Paul Mah
Slide Show

Spear Phishing, Targeted Attacks and Data Breach Trends

The recent revelation that the National Security Agency (NSA) has been engaged in mass spying within the borders of the U.S. has emerged as a shock to many. While the spying was allegedly targeted only on non-residents, it should be clear to even the biggest skeptics now that no individual or business can claim immunity from incidents of hacking and snooping in this age of pervasive digital connectivity.

Given that a foreign government or competitor could well employ similar tactics to those used by the NSA, it is important to learn a lesson or two from what has taken place to date. I highlight a trio of suggestions below.

You can never be too small to be a target

The capabilities of the NSA and its ability to target individuals as necessity demands reveal the fallacy of considering oneself “too small” to be of interest. Indeed, the vast majority of hacking and digital snooping by hackers entails the use of tools and techniques set to target as broadly as possible to snag the highest number of victims.

This scattershot method does nothing to discriminate between large organizations and small businesses, and typically afflicts both equally. As you can imagine, this means SMBs are hardly excused from deploying the appropriate security measures to protect themselves against security threats.

Encryption is no longer optional

One of the arguments typically used to dismiss the need for encryption is the challenge of monitoring Internet communications across the multiple possible routes through the Internet. However, the NSA has shown that simply gaining access to a target’s connection to the Internet would make unencrypted network traffic easy pickings.

Similarly, hackers have been known to break into Internet router appliances, or use a compromised PC to launch man-in-the-middle attacks on other targets on the network. On this front, businesses that perform their data backup to the clouds should first encrypt the data prior to it being uploaded. Doing so will guarantee that even the cloud vendor should not be able to decipher it.

The USB flash drive can be a security vector

Finally, be aware that your humble USB flash drive is a security vector that can lead to the loss of highly confidential data – as the NSA found out to its chagrin. While tools to monitor the use of USB flash drives exist, they tend to be geared toward larger enterprises in terms of complexity or price.

One thing SMBs can do, though, is ensure that their portable storage devices are at least encrypted with BitLocker to Go. This will prevent a misplaced or stolen storage device resulting in a data breach to the company.

Add Comment      Leave a comment on this blog post
Jun 25, 2013 6:36 PM Sam Kephart Sam Kephart  says:
Tired of your rights being exploited by the NSA? Here’s the REAL problem: Freedom on the Rocks - Federal Tyranny versus Terrorism will give you the true scope, intent and end-goal of the NSA’s digital dragnet: http://www.argusleader.com/article/20130620/VOICES05/306200011/My-Voice-Freedom-Rocks-federal-tyranny-versus-terrorism Here’s the solution (at least individually). It’s a free Digital Privacy Black Paper; it shows you, with simple technical references and resources, how to disappear yourself and your personal communications from the prying eyes and master data recorders of the NSA and other elements of our intrusive national security apparatus. Enjoy! https://s3.amazonaws.com/sm-cdn/reports/NSA-Black-Paper.pdf Please pass this onto your friends, family, and business associates. Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.