Hackers are trying to extort 7.5 million dollars from HBO, and no one is sure how they gained access to the files and media they stole. Sony was the victim a few years back. That attack was purely malicious.
They are the big targets, and you would think these companies have the resources to protect themselves from these intrusions. If they can get hit, you can. As hard as you and your team work on your projects, that's how hard these criminals are trying to disrupt and profit from the entertainment industry.
For security, the key word is vigilance! Protecting yourself from cyber attacks is setting up a well thought out line of defense, implementing it, and scheduling a maintenance protocol that is fluid so that as the challenges shift, you are adjusting your strategy.
Depending on where you are in the M&E space, your security risks will vary. I am going to provide recommendations for protecting content. These are fundamental steps. To determine the safety measures you need, an assessment of your company's risks is the next step.
When we assess securing content, we think about where the content is stored and how it moves through the production cycle. Who touches it and why? Where does it reside and how many iterations of it are there? When is your content most vulnerable? How likely is it that you will become a target? What value does your work have to someone outside your staff and your clients? Determining this is a starting point for how much effort you need to put into protecting your assets.
In IT security parlance there is the term Air Gap. It's a barrier between the content and the team that works on it and everyone else. It may mean an environment isolated from the Internet or at least protected behind passwords and encryption. No one should be able to cross that Air Gap without permission, and if anyone does, you get notified. Establishing this is the first step in any security plan be it for just your computer or your company's network.
How this gets done has as many approaches as there are ways to work. If you have multiple offices, you'll need a VPN (virtual private network) as a layer between the Internet and your network. If you move assets using portable drives, you will want to enable encryption. Encryption will require a password to access the drive. On shared storage servers, an administrator can isolate segments of the storage with permissions.
There are physical measures you can put in place to prevent data theft. Frequent password changes. Use USB port and RJ45 locks on your computers. Combination locks on edit bay doors. Security cameras with explicit warnings.
I mentioned vigilance, and I come back to this because what inevitably happens is keeping these security systems in place is a pain in the rear. Your team members will try to circumvent the security you've set-up because it slows them down. You need to establish best practices and maintain them. There are ways to automate security measures. There are many layers to securing your projects, and you should discuss your needs with experts, get an idea of the costs and decide what solution best meets your needs and your budget.
- Jim Reisman