My brief take on a funny, unfortunate but true security incident I came across over the weekend.
The French TV5Monde television station was hacked last week by entities sympathetic to Islamic State. The hack led to a complete outage of the TV station’s website and all its social networks. This was a major blow to a media organization whose programs are broadcast in more than 200 countries.
The day following the hacking incident, TV5Monde aired a live discussion of the hacking incident with a journalist. During this live interview, several pieces of paper with passwords written on them were clearly visible in the background of the journalist. Among the list of passwords inadvertently shown to their worldwide audience was the password to TV5Monde’s youtube account.
TV5Monde has since changed the passwords and apologized for the ‘blunder’.
Here’s a couple of lessons for IT leaders from this ‘faux pas’
– Never write passwords down. If this can’t be avoided, have the written passwords kept in a physically locked space and not in plastered on a wall for everyone to see.
– Implement 2 factor authentication. So even if passwords are accidentally leaked, they have no value until they are changed.
– IT Security has to be ingrained in the corporate culture. Everyone is corporately responsible for keeping the organization secure. Send all associates on formal security training classes, offer them online self-paced classes or give them time off credits for taking cybersecurity classes such as the ones on Coursera
Have a great week and stay secure!