I'm going to beat this dead horse until it's a red spot: YOU need to take data security seriously. There are some things you're doing to make your data - and that of your company - much less secure. Some problems can't be solved at the moment...so we won't make you take all the blame.
Here are 5 reasons why things have gotten far worse than you really know.
1. Your Passwords Suck.
Your daughter's name and her birthday guard all your important data? You'll NEVER get hacked. You need better passwords. You need passwords that you cannot remember. You need passwords that nobody could remember and that nobody can use even if they did hack into your password vault...which I've been telling you to buy since at LEAST July 16, 2012, which leads me to:
2. You're Storing Passwords Wrong.
Buy SOMETHING that enables you to generate, store, and encrypt your randomly generated passwords. DO IT. Creating a different randomly generated password for every account may not be the end-all-be-all solution...but it's much like a locked door. If the criminal who wants your data has to work hard to get it, they're likely to move on to the guy who doesn't lock their door. Saving your account logins in a Word document or the notes app in your phone is not an option. If you don't believe me now, you will by the time you finish reading this blog post, which leads me to:
3. Stupid Human Tricks.
Let's face it: we can mess things up royally. My business partner is infamous for his "Debbie Downer" declaration that if you give people a 50-50 shot at making the right decision, they'll choose wrong 100% of the time.
While that's statistically unsound, he does have a point on some level. Today's corporate breaches - some you've heard about, and many that became national stories - often happen because someone within the organization made the simple, dumb mistake of clicking on a malicious email. Sony would be a prime example (and no, I still don't believe North Korea did it). And it might not have been an email...which leads me to:
4. The Web Does Not Filter Itself.
I'm never going to suggest the US Government regulate the Internet. They've got enough on their hands regulating things they don't understand. But if you're not regulating and filtering web traffic on your business network, you're asking to be a victim. If you weren't aware, there are an incredible number of compromised, malicious websites. All it takes for your company's network to be brought to its knees is for that one person to go to the wrong website. And you never know who built that malicious website...which leads me to:
5. Hostile Foreign Powers Need Love Too.
It's like Red Dawn all over again. No, not the horrible remake, I'm talking straight-up 1980s Russian fear. Well, I hate to break it to you, but Mitt Romney was right: Russia's baaaaaack. According to the Wall Street Journal in the link (you'd need to be a subscriber to read the article):
Government officials, assisted by outside contractors and the National Security Agency, have repeatedly scanned the network and taken some systems offline. But investigators still see signs of the hackers on State Department computers, the people familiar with the matter said. Each time investigators find a hacker tool and block it, these people said, the intruders tweak it slightly to attempt to sneak past defenses.
What does that mean? The State Department is dealing with some seriously nasty security issues (as if they needed more problems right now). The bad news? There's more to come...and it's probably not just governments that will be targeted in the coming years.
No matter what you do, do something.