It’s Time to Talk About Security
Every day, in every part of the globe, ransomware attacks are creating nightmare scenarios for companies and IT departments. The United Health attack should get everyone’s attention and (I hope) start a serious conversation about what it means to be “secure.”
The hackers used “stolen credentials” (an employee’s password) and logged in because there was “no MFA.” Yes, MFA (multi-factor authentication) – those annoying texts and apps with secret codes we are being forced to use more and more – and soon everywhere, until the hackers figure that out.
Basic security means three things:
1. Complex Passwords
2. Multi-Factor Authentication (MFA)
3. Personal Diligence
#3 is the kicker – even without MFA, the United Health attack would not have happened without an employee being careless with a password. Carelessness comes in a lot of colors – writing the password down and leaving it out, using the same password on multiple sites, storing the password in an unencrypted file on your computer, or clicking a phishing link in an email and entering your password into a fake login prompt.
The victim is usually an unwitting accomplice in computer hacks – the hackers get what they need from the victim through carelessness or gullibility – they simply ask for it in an authoritative manner, and give an indignant response if questioned. Or they use phishing techniques – emails or texts that appear to be from others, usually employers or close family members.
To read more about the United Healthcare Hack, follow these links:
Tech Crunch
Forbes