The recent revelation that the National Security Agency (NSA) has been engaged in mass spying within the borders of the U.S. has emerged as a shock to many. While the spying was allegedly targeted only on non-residents, it should be clear to even the biggest skeptics now that no individual or business can claim immunity from incidents of hacking and snooping in this age of pervasive digital connectivity.
Given that a foreign government or competitor could well employ similar tactics to those used by the NSA, it is important to learn a lesson or two from what has taken place to date. I highlight a trio of suggestions below.
You can never be too small to be a target
The capabilities of the NSA and its ability to target individuals as necessity demands reveal the fallacy of considering oneself “too small” to be of interest. Indeed, the vast majority of hacking and digital snooping by hackers entails the use of tools and techniques set to target as broadly as possible to snag the highest number of victims.
This scattershot method does nothing to discriminate between large organizations and small businesses, and typically afflicts both equally. As you can imagine, this means SMBs are hardly excused from deploying the appropriate security measures to protect themselves against security threats.
Encryption is no longer optional
One of the arguments typically used to dismiss the need for encryption is the challenge of monitoring Internet communications across the multiple possible routes through the Internet. However, the NSA has shown that simply gaining access to a target’s connection to the Internet would make unencrypted network traffic easy pickings.
Similarly, hackers have been known to break into Internet router appliances, or use a compromised PC to launch man-in-the-middle attacks on other targets on the network. On this front, businesses that perform their data backup to the clouds should first encrypt the data prior to it being uploaded. Doing so will guarantee that even the cloud vendor should not be able to decipher it.
The USB flash drive can be a security vector
Finally, be aware that your humble USB flash drive is a security vector that can lead to the loss of highly confidential data – as the NSA found out to its chagrin. While tools to monitor the use of USB flash drives exist, they tend to be geared toward larger enterprises in terms of complexity or price.
One thing SMBs can do, though, is ensure that their portable storage devices are at least encrypted with BitLocker to Go. This will prevent a misplaced or stolen storage device resulting in a data breach to the company.