No Network is Safe from Bad Practices
Americans prefer to think their government is immune to major data security breaches. Of course, while few would say the U.S. government is infallible, some situations just seem beyond the bounds of reasonable possibility. That may be why a lot of people's bubbles were abruptly burst when in 2015, White House personnel admitted that the sanctity of some of their sensitive computer networks had been violated by hackers.
As if to add insult to injury, this news came fresh on the heels of reports detailing other huge data security mishaps, like the Sony and Anthem breaches. Some industry observers might say the White House hack only underlines the need for improved data protection software, but this incident was ultimately made possible by simple procedural oversight. Here's what people should know about personal information privacy and government security breaches.
What Happened with the White House?
According to official reports, White House staffers first observed activity that might indicate data breaches sometime before October 2014. Taking advantage of networked computers around the globe, hackers believed to have been working on behalf of unspecified Russian government agencies were said to have gained access to unclassified data networks.
While U.S. intelligence officials downplayed the gravity of the hack, they admitted that it was one of the most advanced data incursions they'd ever encountered. News services were quick to note that hackers could access highly critical information, like email servers and the private presidential schedule. Even worse, the scheduling data they uncovered was in real time, opening up a range of potentially disastrous implications for the security of the executive office.
What Made the Hacks Possible?
Amazingly, even though investigators believe they've traced the path the hackers took through State Department computer systems to reach White House networks, they haven't actually corrected the problem. Officials reported that foreign agents may have even regained access to the systems they were booted from! One State Department spokesperson went as far as to say the problem has existed for months.
This lack of effective response isn't even the worst aspect of the situation, however; the hack seems endemic to the way officials handled their data networks. The breach allegedly began with a simple email phishing attack originating from a State Department address that had somehow been seized by hackers.
The affected White House systems have since been upgraded. Nonetheless, no software package can overcome poor security practices, and in January, the Director of National Intelligence admitted that similar identity-based breaches had indeed occurred in the past when foreign agents were granted access after simply claiming to be legitimate officials. If even the highest levels of government are vulnerable to such basic tactics, there's no hope for companies that don't buff up their data handling standards to match their security software.
Basic Policy Practices and Data Privacy
So who's to blame for the White House breach? Naturally, officials didn't point fingers at any specific individuals, but other examples show how rampant the problem really is. For instance, former Secretary of State Hillary Clinton was widely criticized for using her insecure personal email address for official business, and in 2013, hackers released details of one of her private accounts.
It seems obvious that insecure email accounts constitute security risks, but users may simply be unaware of the dangers. Those who have never had problems with phishing or other common attacks might be unfamiliar with the tell-tale signs of a potential threat, and bad habits are hard to break. This is especially true with the increased prevalence of smart devices and personal computers being used in official settings.
Avoiding Obvious Mistakes
Will the White House and other agencies catch up to the times and begin implementing better security policies? It's uncertain whether even serious breaches like these will motivate slow-moving bureaucracies to step up to the plate, but private organizations can definitely learn from their oversights. These kinds of incidents might be avoided by companies that:
- Employ only secure storage services for documents,
- Integrate their email servers and user authentication with said document storage to eliminate potential attack routes,
- Monitor and track phishing attempts to discern their nature and stay ahead of hacker tactics, and
- Institute automated alert systems and access tracking to increase accountability.
The White House, State Department and other parts of the government may be at risk because of their practices, but private entities don't have to share the same fate. Implementing improved personal information privacy standards goes a long way towards not becoming the next White House, Sony or Anthem.