Is Your Agency’s Security Up To Scratch?

If CSI Cyber and Mr Robot have taught us anything, it is that there are plenty of black hat hackers who are out to get big companies for little reason beyond maliciousness or personal gain, says this guest poster, marketer & producer with Five by Five Sydney, Louis Petrides.

According to a new report by EMC released on Tuesday, 32 per cent of Australian businesses have suffered unplanned system downtime due to external security breaches. The estimated average cost to organisations for last year’s downtime was $1,422,000.

Although many hackers go after parent companies, it’s important to consider how agencies fit into the mix. As data and creative custodians for brands, agencies sometimes can get caught in the firing line of hackers, so it’s important to take steps to avoid this and protect the intellectual property of your clients.

So before you become a target, here are six security tips your agency should start following right now:

1. Don’t post agency office photos with hardware in the background on social media

A seemingly innocuous office photo could tell a hacker what type of physical firewall, hardware and security software you are running. If a hacker can analyse your existing set-up through a simple agency photo, they can adapt their approach.

The photo can tell a hacker about your operating systems: is your computer still running Windows XP? Which antivirus logo is viewable, or worse, is a security icon even visible? Anti-virus software runs updates (otherwise known as signatures) at different times – sometimes weekly, which gives an attacker up to seven days to get into your system before a breach is even identified.

Solution: Always ask the agency IT manager to double check your photos before you post them on social media or just avoid publishing office photos with pictures of your computers and servers.

2. Your agency passwords should never mimic your personal passwords

InstaBrute is a good example of a vulnerability within Instagram that allows attackers to obtain passwords from users. If your business email password is the same as your Instagram, it makes it easy pickings for hackers.

Solution: Stop using your personal password on any business account. If memory isn’t your forte, consider getting a password manager tool. Look into password manager services such as LastPass that Auto-fill in passwords and contain random password generators.

3. Avoid using your phone to log-in to or post messages on client social media

While it is convenient to manage a client’s social profile on your mobile phone on the go, they are much less secure than the average computer and some argue they are more valuable to attackers because of its access to your personal phone contacts coupled with location profiling.

The last thing your client wants is some random hacker holding the keys to their social brand identity.

Solution: Don’t use your phone to manage social media as the risk is simply not worth it when you are holding such intangible brand assets in your hand.

If you must use your phone, ensure it has the latest mobile and cloud based security. Check out solutions from security providers like Symantec or Webroot.

4. Steer clear from using your personal computer and laptop to manage sensitive client information

Your agency computer has been set up by IT professionals (hopefully) for a reason. Security is a core component of this and unless your home computer has been set up by a similar specialist, we can assume your business computer is safer than your personal one.

Solution: If you know you’ll be working from home, take your work laptop home because this means there are still more layers of security, which inevitably make it more difficult for attackers or speak with your IT professional about the best way to access files on your personal computer if you don’t have a work laptop.

5. Stay away from Skype as a way to communicate with your clients and partners

Many people don’t know that Skype exposes your IP address to those that simply know your name. Your IP is synonymous with the keys to your office and in this day and age, it is a lot more valuable than you think. Your agency probably has access to billions in marketing assets and this is why security matters.

There are multiple types of attacks made possible when someone has your IP address, including DDos attacks or attempts to gain full control of your  machine. More information can be found here.

Solution: Collaboration and chat software like Slack or HipChat brings all your communication together in one place within a secure environment that does not expose your IP address. They have all the functionality that Skype does, so just stick to using Skype on your personal computer with your mum.

6. Think twice before using free public WiFi to check your work emails on the go, especially when using your agency laptop or handheld

The same aspects that make free WiFi hotspots enticing for consumers make them enticing for hackers who can gain free access to unsecured devices on the same network.

While connecting to free WiFi, the hacker can access and even see every piece of information on your machine, including, important client emails, project folders, credit card information, logins and the list goes on.

Solution: Stop using free WiFi for business purposes and use your own mobile data or a pre-paid dongle. In Australia, Optus & Telstra provide a range of devices to get you connected to their networks on the go.

It is vital that your agency maintains the highest standards when it comes to online security so by following these simple tips, you could prevent a security disaster.

It’s also worthwhile providing training for staff on basic security at least once a year so they are aware of new ways to protect themselves and the business. Otherwise, you may end up with this guy on your digital doorstep.