Skyrope's Business Transformer Blog

Security in the Cloud – How to Prevent Your Data from Being Held Hostage on the Internet

Last week I received a call from a colleague who runs a computer forensics company. It was a real fire drill. A client of theirs, hundreds of miles away, which shall remain unnamed, had to fire their IT Director on the spot due to some disturbing allegations.

On that very day, we needed to lock down their network and secure their data. We changed passwords, blocked access, and discovered and patched holes that could have allowed this person or others back into the systems to delete data or do anything else to compromise the company’s assets.

When we began to look at email, nobody at the sizeable organization knew anything about how email was delivered, or where it came from.  We quickly found out that they had commercial Gmail as their mail system. Since the IT Director was the only administrator of the account, we didn’t have the passwords.

In this particular case, the accused party provided the password without argument and we were able to secure the email, but the incident raised major red flags about security in the cloud for small businesses.

In this instance with Gmail, if the password had not been given up, it could have taken days to get Google to change the administrator password on the company’s email. Google obviously is not going to do that for just anyone, and you will need to prove you are who you say you are before any changes are made.

Since there was no email archiving taking place, and there was no email continuity solution either, this time gap would have given the IT Director unlimited access to the mail. He could have deleted incriminating data, and things could have gone downhill from there.

There are some simple steps that your business should take to avoid being in such a vulnerable position. If your corporate data is presided over by any individual – whether IT staff or not – with complete administration rights, pay close attention.

  • Have a password policy in place that keeps passwords documented and encrypted. Use a product like IronKey or similar.
  • Use a third party email archiving service to archive email and comply with eDiscovery rules.  You never know when this may become critical in an internal HR issue, as in this example.  Just archiving email to another server in the office would not have helped this situation at all.
  • Use a third party email continuity service. Usually implemented to avoid business interruption during technical difficulties and Internet outages, the right continuity product can actually be an invaluable security tool by giving you the ability to re-route your hijacked email and keep your business running during a security incident.
  • Keep detailed documentation on your network resources, hardware, IP addresses, DNS service, etc.  Having this information will save time and money if a third party has to understand your network in a hurry.
  • Develop a simple “expert system” – a written process with a succession plan, contingencies and simple SOPs (standard operating procedures) so everyone knows what to do during a security breach.

Almost every security incident we see at small businesses, and the damage that results, is avoidable. Security in the cloud is no different. The combination of common sense, basic organization, and a trusted advisor to set things up and monitor them for you will always allow you to sleep easier.

