12 Crucial Lessons to Be Learned From the Russian Hacking Scandal

Once again, hacking is front and center in the news, a reminder that businesses and individuals need to fear the long reach of cyber theft.

Here is a 12-point checklist -- six steps for businesses and six for individuals -- to enhance cyber security. 

Democratic National Committee emails were leaked this month, revealing that staffers conspired against Vermont Sen. Bernie Sanders' presidential campaign in favor of the eventual Democratic nominee Hillary Clinton.

The evidence is clear that hackers in Russia were behind the cyber attack against the DNC. Less clear is whether this brazen cyber espionage was initiated at the behest of Russian President Vladimir Putin, to help Republican presidential nominee Donald Trump. 

Both Putin and Trump have expressed great admiration for each other. In addition to their budding bromance, the Russian dictator and the former reality television star also share extensive financial ties.

The two men seem united in their desire to defeat Clinton.

Shocking the norms of civil discourse is customary for Trump.

He did so again at a press conference this week by urging Russian hackers to unearth Hillary Clinton's emails from her tenure as Secretary of State. Amid the fallout, in which Trump came under a lot of fire, he now claims that he was only joking.

But hacking is no joking matter. Major breaches of corporate data are occurring more frequently, and they are getting larger in scope.

And don't think that hacking attacks only affect major corporations. Companies of all shapes and sizes are vulnerable.

Cyber crooks could steal customers' credit card numbers, generating an expensive disaster and PR nightmare that could shutter a business. And once a business has lost the trust of customers, it is hard to regain that trust.

Hackers also could steal employees' Social Security data and private medical details, among other things. The list of vulnerabilities is a long one.

Confidential information such as employee files, intellectual property, and legal and trade secrets are the crown jewels of an organization's data repository.

Some of this information is housed in customer relationship management systems, databases, enterprise resource planning applications and financial systems. These data are called structured content.

Other data, referred to as unstructured, resides in emails, Excel spreadsheets, image files (JPEG/PDF/TIFF), PowerPoint presentations, videos and Word documents. This information is located throughout all levels of the organization in content management repositories, employee laptops, FTP sites, network and cloud shared drives, and storage area networks,to name a few.

The technology consulting firm IDC reported that most of an organization's overall data are unstructured.

IDC also determined that this unstructured information is on track to account for 90% of all data created over the next decade. Organizations must protect this unstructured content from different types of challenges and threats.

This unstructured information is highly valuable but diffuse, giving rise to several security threats. It is the weak link in the chain.

Case in point: A former engineer at E. I. du Pont de Nemours was found guilty in 2014 of stealing manufacturing and formulary trade secrets related to a white pigment commonly found in paper and plastic products. He then sold these secrets to China's Pangang, allowing that company to directly compete with DuPont for this $14 billion-a-year business.

The cyber spy downloaded content from DuPont's ERP system and created new unstructured content from the structured system to make it portable. He also stole engineering notes and documents related to DuPont's intellectual property and research and development, making it possible for Pangang to replicate DuPont's manufacturing capabilities.

These types of breaches are increasingly prevalent.

General Electric's GE Healthcare division recently experienced a cyber breach similar to DuPont's. And in a now famous incident, Alphabet's Google got clobbered four years ago by a data breach when its earnings were released a day early by a partner.

Alphabet is a holding in Jim Cramer's Action Alerts PLUS Charitable Trust Portfolio. See how Cramer rates the stock here. Want to be alerted before Cramer buys or sells GOOGL? Learn more now.

In all three cases, stock prices and investor relations were hurt.

Six Steps for Businesses
For DuPont, GE and Google, traditional perimeter-based methods failed to protect unstructured content.

Start protecting vital unstructured data with these steps:

1. Analyze unstructured content to locate, categorize and classify the sensitive information that needs protecting.

2. Install protections for the data when they are in motion or distributed within the organization, or distributed outside the organization to customers and partners. Data are at their most vulnerable when they are getting moved around.

3. Make sure this protection is minimally disruptive to the end users while meeting the information protection guidelines of the organization. To achieve this, the protection applied to the content needs to be granular and permission-based. The security classification of the content and the users' permission must dictate what they are allowed to do with the content. Typical permissions include read only/edit/copy/paste/delete, screen capture, print and location usage.

4. Dynamically control permissions to content that allow the information technology department to either modify or revoke permissions in real time.

5. Make sure that data-centric security is persistent, so it travels with the content wherever it goes.

6. Provide the ability for IT, security or privacy administrators to view access logs and perform auditing, for continual threat assessment. Hacking is protean in nature, and we must adapt to the resourcefulness of cyber criminals.

Six Steps for Individuals
Five years ago, staying safe online meant not giving out passwords to strangers. Today, with data breaches assaulting systems regularly, that isn't enough.

Here are some steps to take:

1. Clean up social-media practices by not friending or connecting with unknown people.

2. Don't click unknown websites that have appeared in one's inbox via unsolicited emails.

3. Avoid using debit cards online. Credit card companies enforce fraud control and theft restitution. Customers can usually get their money back if their credit card has been targeted by cyber crime. But if hackers access an individual's checking account via a debit card, the money is usually gone forever with no hope of redress.

4. Strengthen password protection. Don't use family names or personal biographical data that can be deduced or unearthed.

5. Use security software made by major anti-hacking companies such as Cisco Systems, FireEye and Symantec.

6. Never respond to Internet ads for anti-spyware programs, because they may actually open up spyware.

Cisco Systems is a holding in Jim Cramer's Action Alerts PLUS Charitable Trust Portfolio. See how Cramer rates the stock here. Want to be alerted before Cramer buys or sells CSCO? Learn more now.

---

A blistering financial storm is about to hit our shores. When it hits, weak companies and their investors will be washed away. Investors need to put themselves on solid ground, and that doesn't just mean changing investment allocations or loading up on cash. Click here to find out how investors can protect themselves and prosper.

John Persinos is an editorial manager and investment analyst at Investing Daily. At the time of publication, Persinos held stock in General Electric.

More from Opinion

3 New Investing Myths That Must Be Busted

3 New Investing Myths That Must Be Busted

Why a Global Stock Market Crash Is Coming

Why a Global Stock Market Crash Is Coming

Sears CEO Eddie Lampert Looks Like He Is Sucking Company Dry

Sears CEO Eddie Lampert Looks Like He Is Sucking Company Dry

Nasdaq Exec: Exchange Is 'All-In' on Using Blockchain Technology

Nasdaq Exec: Exchange Is 'All-In' on Using Blockchain Technology

It's Dumb to Think Legalizing Weed Is Still a Political Issue

It's Dumb to Think Legalizing Weed Is Still a Political Issue