3 Security Lessons Learned From the Massive Government OPM Data Breach

July 17, 2015

Before we touch on some crucial IT security lessons (and why it’s so important to have consistent monitoring of your systems), it’s time to take a brief break from your regular programming and tune into some geopolitical intrigue.
If you aren’t up to speed on the massive security breach that occurred in the federal government’s OPM computer network recently, here is a brief summary of the Hollywood-like scale of espionage (as if it were a plot from a “Mission Impossible” film) and foolishness (as if it were a “Dumb and Dumber” sequel) that took place:

A Brief Summary of Government OPM Data Breach

  • The OPM (Office of Personnel Management) is the Human Resources Department for the entire government — millions of employees — which means it stores identifying information from their invasive background checks for security clearances on a vast number of current and former employees — including every active spy — who work for the government.
  • Despite choosing to store these files on networks vulnerable to hacking, the OPM had no IT security staff until 2013. Yes, you read that correctly. This was accurately reported in Wired Magazine. But it gets worse. Much worse.
  • The government, as reported by The Wall Street Journal and TechDirt, was not even the one that discovered it had been hacked. A cybersecurity vendor — yes, a vendor — was running a sales demonstration of its network forensics platform at a conference for the OPM. The vendor discovered the active malware mid-presentation while doing the demo. (As TechDirt joked: “Guess their product works, huh? That may go down as one of the most effective product demos ever.”)
  • It was then learned, also reported by The Wall Street Journal, that the malware had already been active for a year, and that it had been giving China unfettered access to OPM’s files; and the files were not encrypted. But it gets worse (if you can imagine).
  • The government had already given root database access, which gives you unhindered power to obtain files whether or not they are encrypted, to contractors who were working in China for years prior.
  • China can now hawk intimate background check information for millions of American government employees to any bidder.
  • This compromises the identities of intelligence workers and supplies foreign governments with an abundance of information that can be used for blackmail operations or the destruction of a government employee’s credit.

What We Can Learn From This Security Nightmare

Whether you’re a government agency managing the sensitive files of millions of people or you’re a company with a staff of 30 employees, there are crucial lessons to be learned from the OPM disaster:
1. Don’t wait until a sales demo to run a thorough security check of your systems.

In fact, you should have constant monitoring of your networks. Your IT personnel should be capable of consistent proactive and reactive security monitoring day to day.
2. Be careful how/where you store sensitive information.
Some NATO governments refuse to store their most sensitive data electronically. Although you will likely never have to go to the extreme of maintaining a warehouse full of paper files, the principle is the same: don’t place sensitive data in highly vulnerable locations that are not secured. In addition, always back up your data in separate locations that cannot be accessed from your network.
3. Choose a trusted IT security team and insist that they document their security plan in detail.
It’s always a good idea to have your IT team document everything they do in writing for you, so that your access to their processes and your understanding of your network security are not dependent on them cooperating with you. And if you’re in a situation where an IT company or a disgruntled employee is holding your data hostage, contact our BITS Rescue Team (Bad IT Service Rescue), and we will liberate your data and return control to you.
Contact us for more helpful tips on IT security and building a fruitful partnership with a managed service provider.
