Hong Kong is one of the busiest and freest cities on Earth. It also recently played host to one of the biggest whistle-blowers in history – Edward Snowden. In early June, Snowden, an ex NSA (National Security Agency) consultant, exposed the agency’s data collection program and caused an unparalleled uproar and controversy. In light of the information revealed, are there any steps business owners should take to tighten up security?
The NSA leak
From his hotel in Hong Kong, Snowden disclosed to journalists from the Washington Post and The Guardian that the NSA and the FBI have unprecedented access to personal information and data on the Internet. This program, called PRISM, supposedly monitors all foreign communication that passes through US servers.
The reports in the Post and Guardian noted that Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple are all participants in this program and had provided the NSA with direct access to their data. After the articles broke, the nine tech companies denied ever willingly giving information to the NSA, but noted they likely would, or had, handed over information if ordered by the courts.
You may wonder why this is such a big deal, especially when the NSA has said they only target foreign traffic. Well, the answer is muddy, at best, but the vast majority of the traffic on the Internet passes through the US. What was most unsettling was the revelation about what data the NSA collects. According to the Washington Post, this includes, “audio and video chats, photographs, e-mails, documents, and connection logs… [Skype] can be monitored for audio when one end of the call is a conventional telephone, and for any combination of audio, video, chat, and file transfers, when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries and live surveillance of search terms.”
Netizens, and many news agencies, are understandably furious because this covers pretty much everything out there. A report published by the Associated Press confirmed that “The NSA copies Internet traffic as it enters and leaves the United States, then routes it to the NSA for analysis.” Traffic from within the US, on the other hand, is largely left alone, but it may be connected if the NSA can prove, with 51% surety, that one of the recipients of the traffic is foreign (not based in the US).
If you are interested in learning more, this article in Business Insider covers the highlights of how PRISM surveillance works.
What about small businesses?
So what can we deduce from this? The NSA primarily targets information flowing through the major tech companies. If you do business with companies outside of the USA, you might assume that the NSA has seen some correspondence, especially if it has contained contained certain keywords.
Regardless of this, you should still take steps to ensure that your systems are secure, as you can bet that a number of enterprising criminals will try to cash in on this issue with scams, hacks or other malicious intent.
Here are three things you can do to shore up your cyber security:
- Create a security policy – As a business owner or manager, you should take steps to educate yourself about current cyber crime, while having a policy in place that covers how employees access data, what access they have, and what will happen if data is stolen. If you are unsure how to go about this, please contact Providence for assistance. We will be able to help you develop a sound security plan and policy.
- Use strong passwords – We’ve said it before, and we will say it again: Stronger passwords help deter hackers. Most experts recommend a password that is at least eight characters long, with a minimum of one number and one special character. Also, it is a smart idea to not use the same password for every account.
- Use data encryption – If you are protective about your data, it is a good idea to encrypt it both while it’s being stored and when it’s being sent over the Internet. Encryption systems convert data and files into an unreadable format that takes time to hack. Many hackers will simply leave strongly encrypted files alone. There are numerous services out there, so be sure to talk with us as we can suggest some good options for you.