The term “hacking” has taken on a number of negative connotations in the cybersecurity world. At its most generic level, a “hack” is any modification or alteration of computer hardware or software that is different from, or contrary to, the intent of the developer.
Not all hacking is bad, however. White hat hackers, for example, use their skills to assess the security of protected corporate systems and networks. A white hat hacker will help a corporation to correct any flaws that allowed them to breach the corporation’s network security. Other organizations sponsor “hackathons” in which they bring together teams of programmers to solve problems or develop new codes.
A History Lesson
Virtually every data breach a corporation has suffered was the result of a hack by a cyberattacker. That’s why hacking as a concept conjures up such negative connotations for most people. A corporation might lose data by accident or through negligence (e.g. an employee leaves a device containing private information in public). But data breaches happen when hackers gain unauthorized access to a company’s networks, stealing sensitive information and data from them. Given that nearly every company maintains an online presence in our modern environment, this threat is even more pressing.
Hackers also access corporate networks for purposes other than stealing data, such as advancing a pet cause or exacting revenge. In view of these potentially different motivations, defending against hacks and data breaches can require different strategies. Those strategies will inevitably overlap, but they need to be approached from divergent perspectives.
Avoiding Data Breach
Stopping data breaches is a targeted task. Most data breaches, for example, start with an inattentive employee that clicks on a malicious link in a phishing email. These generally come from an unknown source. Sometimes a worker voluntarily discloses data in response to a hacker who is posing as a corporate insider.
Training employees to recognize phishing scams can prevent the more egregious or obvious phishing scams from compromising sensitive data. But the scammers that target employees are increasingly able to disguise their identities and intentions. A corporation can protect data by limiting internal access to sensitive data and segregating databases into different data “silos.” The downside of many of these techniques is that they limit the free flow of information within a corporation. This can hinder productivity and collaboration—but prevent data breach.
Companies have to strike the right balance between protecting information and allowing employees to access and use it. This means data will always be vulnerable, to some degree. Many corporations carry data breach insurance to protect against financial losses and third-party liabilities that accompany a data breach. These organizations choose to have a safety net, knowing data may be exposed at some point despite their best efforts.
Protecting against hacks generally requires good technological practices that permeate through the entire corporation at every level. Those practices include:
- Updating operating systems and software to install patches and big fixes that cover known flaws
- Maintaining good firewalls and anti-malware software
- Restricting employee use of unprotected Wi-Fi networks
- Using password managers that change passwords frequently and that implement complex passwords for network logins
- Employing virtual private networks (VPNs) to channel data into and out of the network through encrypted tunnels.
A determined hacker will find ways to circumvent these practices and technologies. But in the meantime, they provide a solid first line of defense against many hacking attacks that corporate networks face daily. Hacking and data breaches are a reality that every modern corporation must accept. But solid cybersecurity practices and data breach insurance can save a corporation from ruinous financial losses.
