Okay, so at this point we’re sure you’ve heard all about the DNC e-mail hack more than enough, but, there is something you can learn from it to help enhance the security of your agency’s data.
First, lets examine what happened. The victim of the hack received an e-mail stating that they needed to change their password for security reasons, so naturally, that’s what they did. The problem was that this was a phishing attack. A false claim that there was some security risk and the user should change their password, all the while the hackers were recording the new password. Once someone has your password, that’s game over.
Now, if you are paying attention, you’ve realized that the DNC wasn’t really hacked so much as it gave its password information to a clever hacker that was disguising itself. So what’s the lesson?
Well, there are a couple. For starters, don’t open e-mails that come from untrusted sources. Now sometimes this can be hard because the hacker will create an e-mail account with the “look” of an official source. Your best practice is to contact the source directly and verify if the e-mail actually came from them before you take any further action. Now, if you are a Data Soft Logic client, you don’t have to worry about this. We have seen this as one of the primary threats to your data’s security for a long time. It’s why if you click the “Forgot Password?” button on our login page you are promptly told to contact your agency’s system administrator to reset your password. We don’t use an e-mail verification system to retrieve your password because we have always recognized this as a vulnerability and want to provide the greatest level of security for our clients. It’s the way its always been and always will be for our products.
Here’s a few more things you can do to make sure your agency’s data is secure:
Put a password on your computer or device that is required to enter when you turn it on or if you have been away from it for a while
Shut off your computer when you’re not using it!
Immediately notify your agency’s system administrator or your service provider of a lost or stolen device.
Don’t browse untrusted websites!
Change passwords regularly (always make sure you use strong passwords that no one guess
From the DNC hack to the big Sony hack, if you study the methods the hackers use, its almost always some kind of error on the user’s end that essentially has given the keys to the kingdom away. Infrastructures are pretty hard to hack into directly and it usually requires some kind of trick from the hacker to actually get YOU to GIVE them access.
In short, pay attention to what you are doing and you should be totally fine.