By David Wilson, Facility Security Officer and IT Manager
In the business of government contracting, it is a huge mistake to ever let down your guard. There are adversarial groups, governments, and interests in all walks of life, and they are getting smarter, and much more technologically advanced. They understand the kinds of information and data they can use, and they understand how to get it. Here are a couple of recent examples.
Until about a year and a half ago, Kaspersky antivirus was the product of choice for protecting your computers – work and home. It got the best ratings from users all over the world, the service and support were good, and corporate and government licensing was simple and fair. Behind the scenes, however, was a different story. The company was founded by an ex-operative of the KGB and over time, the Russian government began inserting its own people into the corporation at high levels. Investigations into Russian hacking have gone into overdrive, and the US and other countries have begun to realize the risk of putting the cyber-security of their systems in the control of a software company with dubious (at best) protections from government interference and tampering. Kaspersky has since been removed from government systems, and word has gone out to warn companies that they should remove any Kaspersky products from their networks.
As the use of smartphones, tablets, and BYOD (Bring Your Own Device) networking increases, new challenges arise, and for hackers, new opportunities. Recently the heads of six US intelligence agencies warned that US citizens should not use products made by Chinese manufacturers ZTE and Huawei. The recommendation, coming from the heads of the FBI, CIA and the NSA, was reported by CNBC – and you can read more about this particular threat at The Verge. The phones from these two companies, while similar in features to more expensive models from Apple and Samsung, are much cheaper, and therefore of interest to consumers. The problem is similar to the Kaspersky situation noted above – the Chinese government is very active in international hacking and data mining, and the phones have been deemed insecure, with software updates coming from overseas locations and installing automatically. The cheaper price makes them an attractive acquisition, but at what cost when your information and data may be at risk?
Not all of the data being stolen is due to hacking. The bigger picture has grown so far in scope that it’s sometimes difficult to anticipate where a problem might arise. A Washington Post article recently revealed that heat signatures created by updates from personal fitness devices were revealing sensitive positions and troop movement information that was trackable via satellite. Those devices, in many cases, were handed out as part of a morale and fitness program, but are a good example of how every aspect of life and business now requires risk management and forethought.
A good way to avoid these types of pitfalls is to keep every part of your organization (the management team, IT, Operations, Security, HR, Business Development, and teams in the field) involved in developing new policies. Consider all aspects of a decision before making a choice. Software and hardware purchases can come with a heavy cost if not considered properly. Keep your employees and your data safe, and pay attention to the news sources that cover tech and cyber-security. Sometimes something as simple as a glimpsed headline can save you from serious or harmful mistakes.