Posted on Dec 27, 2014

What Social Enterprises Should Know About Cyber Security

Anne Field Contributor 2014 was, of course, quite the year for revelations about cyber attacks and data breaches at major companies like Sony , JP Morgan Chase , Home Depot HD -2.13%, and a host of others. But there also have been a lot of incidents at NGOs and government agencies, according to Alexander Heid, chief research officer of SecurityScorecard, a New York-based firm that analyzes clients’security vulnerabilities. And that’s something social enterprises need to pay special attention to, he says. The reason, according to Heid, is the weakest link approach used by many cyber criminals. Hackers look for the easiest route to infiltrate a bigger, more secure company or organization, and that often is going through a smaller supplier or other enterprise doing business with it. A massive Target TGT -0.46% breach–it happened in 2013, but we kept hearing about in 2014–occurred because the perps were able to hack into an Internet-connected heating, ventilation and air conditioning system from a third-party vendor. It’s not unusual for such smaller enterprises to have access to the systems of their big clients for administrative and support purposes, making them prime entry points for hackers who want to infiltrate the larger organizations. Where do social enterprises come in? Social ventures working with NGOs and government agencies, according to Heid, seem like perfect targets for hackers looking for an entry point. “Social enterprises might not be the targets, but they might have high profile associates who are,”  says Heid. “Quite simply, they can be used to get into these other organizations.” What to do? Protective steps aren’t particularly different from what any other company should do, according to Security Scorecard CEO Alexandr Yampolskiy. They range from never using default passwords  to immediately adding patches to systems as soon as they become available. Companies also have to educate employees about up-to-date security awareness steps. That means the usual suspects, like not opening up an attachment from someone you don’t know, as well as issues that have arisen in the social-media age. People who receive a message on Facebook or other social media networks are more likely to click on a link in a message than in an email, according to Yampolskiy. “People click on social networks because there’s an element of trust,” he says.

Security Research in your Inbox

Thanks for siging up for the newsletter!

Our Platform

Learn How It Works

Find out how we use open source intelligence, proprietary and open data feeds, and deep machine learning systems to correlate, attribute, and prioritize risks.

Learn About the Platform

No waiting, 100% Free

Get your personalized scorecard today

Get your free scorecard and learn how you stack up across 10 categories of risk. Answer a few simple questions and we'll instantly send your score to your business email.

Get Your Free Score

Get In Touch

Thank you for contacting us!

Request a Demo

Thank you for requesting a demo!