A Strong Foundation: Securing Accounts and Devices
Why the focus on devices and accounts? Because they form the foundation of everything that your organization does digitally. You almost certainly access sensitive information, communicate internally and externally, and save private information on your devices and accounts. If they are not secure, then all these things and more can be put at risk.
For example, if hackers are watching your keystrokes or listening to your microphone, private conversations with conversations will be captured no matter how secure your messaging apps are. Or if an adversary gains access to your organization’s social media accounts, they could easily harm your reputation and credibility, undermining the success of your work. Therefore, it is essential as an organization to ensure that everyone is taking some simple but effective steps to keep their devices and accounts secure. It is important to note that these recommendations include personal accounts and devices as well, as those are often easy targets for adversaries. Hackers will gladly go after the easiest target and break into a personal account or home computer if your team is using them to communicate and access important information.
Secure Accounts and Political Parties
In the lead up to the 2019 European Parliament election in Germany, German political parties and political figures were targeted in one of the country’s biggest data breaches. A 20-year-old German student hacked into hundreds of social media and cloud storage accounts, stealing and publishing sensitive data including credit card numbers, photographs, and private communications. The hacker was able to gain access due to weak passwords such as “Iloveyou” and “1234.” Targeting multiple prominent political parties, the hacker accessed and leaked the personal data and documents of hundreds of politicians, including Chancellor Angela Merkel and German President Frank-Walter Steinmeier. Working from his computer in his parents’ home, the student hacker used relatively simple techniques to break into successive accounts according to German authorities, and "acted out of annoyance over public statements" made by his victims.