Hong Kong, while officially a part of China, is well known for its democratic freedoms and is now apparently a safe haven for American whistleblowers. In early June, Edward Snowden, an ex NSA (National Security Agency) consultant, blew the doors off of controversial data collection measures in the US, causing widespread confusion and anger over security of personal information. What many business owners have been wondering is if it really affects smaller businesses.
Here is an overview of the story about the US surveillance whistleblowing story of Edward Snowden, with some tips businesses can follow to tighten up cyber security.
The NSA leak
From his hotel in Hong Kong, Edward Snowden sat down with journalists from the Washington Post and The Guardian to disclose that the National Security Agency (NSA) and the FBI have unprecedented access to personal information and data on the Internet. This program, called PRISM, supposedly monitors all foreign communication that passes through US servers.
The reports in the Post and Guardian noted that Microsoft; Yahoo; Google; Facebook; PalTalk; AOL; Skype; YouTube; and Apple, are all participants in this program and had provided the NSA with direct access to their data. After the articles broke, the nine tech companies denied ever willingly giving information to the NSA, but noted they likely would, or had, handed over information if ordered by the courts.
You may wonder why this is such a big deal, especially when the NSA has said they only target foreign traffic. Well, the answer is muddy, at best, but the vast majority of the traffic on the Internet passes through the US. What was most unsettling was the revelation about what data the NSA collects. According to the Washington Post, this includes, “audio and video chats, photographs, e-mails, documents, and connection logs… [Skype] can be monitored for audio when one end of the call is a conventional telephone, and for any combination of audio, video, chat, and file transfers, when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries and live surveillance of search terms.”
Netizens, and many news agencies, were understandably furious because this covers pretty much everything. A report published by the Associated Press confirmed that: “The NSA copies Internet traffic as it enters and leaves the United States, then routes it to the NSA for analysis.” Traffic from within the US, on the other hand, is largely left alone, but it may be connected if the NSA can prove, (with 51% surety), that one of the recipients of the traffic is foreign (not based in the US).
If you are interested in learning more this article in Business Insider covers the highlights of what is going on, or what we know to date.
What about small businesses?
So what can we deduce from this? The NSA primarily targets information flowing through the major tech companies. If you do business with companies outside of the USA, you might assume that the NSA has seen some correspondence, especially if it has contained keywords they have identified and are looking for.
Regardless of this, you should still take steps to ensure that your systems are secure, as you can bet that a number of enterprising criminals will try to cash in on this issue with scams, hacks or other malicious intent.
Here are three things you can do to shore up your cyber security:
- Create a security policy – As a business owner or manager, you should take steps to educate yourself about current cyber crime, while having a policy in place that covers how employees access data, what access they have, and what will happen if data is stolen. If you are unsure how to go about this, try contacting your IT Partner, like us. We will be able to help you develop a sound security plan and policy.
- Use strong passwords – We’ve said it before, and we will say it again: Stronger passwords help deter hackers. Most experts recommend a password that is at least eight characters long, with a minimum of one number and special character. Also, it is a smart idea to not use the same password for every account.
- Use data encryption – If you are protective about your data, it is a good idea to encrypt it both while it’s being stored and when it’s being sent over the Internet. Encryption systems convert data and files into an unreadable format that takes time to hack. Many hackers will simply leave strongly encrypted files alone. There are numerous services out there, so be sure to talk with us, as we may have the best option for you.
This headline making leak is definitely huge and has many people worried as to what could possibly happen to private data. Be sure to stay tuned to the newspapers and blogs as the leak to keep updated as the fallout from this could be huge. If you would like to talk about the security of your systems, please contact us today.