How The MLB Hacking Scandal Exposes Your Network’s Weak Link
The NY Times is reporting that the FBI and the US Justice Department are investigating accusations that employees of the St. Louis Cardinals illegally accessed and copied protected trade secrets from a database owned by the Houston Astros.
While this might first appear to be the 21st century version of stealing an opponent’s signs or tipping pitches, it’s also a perfect example of how your company’s network is only as secure as its users allow it to be.
Hell hath no fury like an employee scorned
From all indications, the Astros’ database was compromised out of the oldest of motivations: revenge. In late 2011, a senior member in the Cardinals’ front office left to join the Astros, where he promptly began to build a database to store his new employer’s collective baseball knowledge and statistics. It was a system he had used to build the Cardinals’ 2011 World Series Champion squad.
Miffed by what they saw as a betrayal, a group of Cardinals employees allegedly found a backup file containing a master list of their former co-worker’s password iterations, and used that to develop a sophisticated list of possible passwords for the new Astros database.
It worked. Days later embarrassing internal notes from Astros officials started making the rounds on the biggest sports blogs on the Internet. Reputations were damaged, apologies were issued, but the breach of trust meant the damage had been done.
Different game. Same playbook.
So what should businesses take away from this cautionary MLB hacking tale? The same lesson we teach children on the first day of little league: always focus on the fundamental.
It’s the simple behaviors that we all can take for granted that often lead to the most embarrassing and costly forms of data theft. All of the firewalls, malware scans, virtual sandboxes and backups in the world can’t make up for relentless adherence to the fundamentals of network security:
- Password Refreshes: enforce standards that require employees to change their passwords at least every 90 days
- Password Complexity: require employees to create adequately complex passwords that don’t use your company name, their personal info or common number sequences
- Stay Vigilant: Have a plan in place to ensure that any outgoing employee can’t access your network or retain sensitive company files. Similarly, all incoming employees should be provided credentials that are unique to your network’s security standards.
NSG has nearly two decades of experience protecting networks of all sizes and training employees on best practices. We offer multi-layered network protection solutions that safeguard your data and surpass any regulatory standards required for your business.
Contact NSG today at (615) 577-4390 or [email protected] to learn how we’re changing the way businesses protect their networks!