In the wake of the hack of technology journalist Mat Honan, many users of cloud-based services are running scared.
Forget Twitter-hacking attackers named "Phobia" who managed to compromise a well-known technology journalist's Google credentials and Twitter account. What about competitive intelligence experts who might want to hack rivals' Gmail accounts to siphon away corporate secrets? Or hacktivists seeking a reprise of the Anonymous attack against HBGary, which copied and then deleted the firm's Gmail accounts?
To help stop "life hack," competitive intelligence or hacktivist attacks that come gunning for corporate data, all Google Apps for Business users-and especially corporate administrators-should pursue the following nine security strategies:
1. Create a Google security plan: Anyone who uses Google for business should begin by detailing all related security processes and procedures, with an eye toward spotting potential weak points--especially single points of failure-and having a data breach response plan. As an example of what can happen without this type of plan, take the February, 2011 hack of HBGary's email by the hacktivist group Anonymous. Briefly, HBGary had threatened to reveal the identities of many group members. In retaliation, members of Anonymous used a stolen password to hack into HBGary's company-wide Gmail account, from which it copied and then deleted every email it found. According to HBGary CEO Greg Hoglund, he saw the attack unfolding, but wasn't able to convince the Google help desk of his own identity, in time to prevent all of the company's emails from being copied.
Source: Mathew Schwartz, InformationWeek