
Blog posts tagged hacking

The future's dark: understanding the evolving cyber threat

February 11, 2016 by Ron Immink

Future Crimes by Marc Goodman is a very scary book. Subtitled, "A journey to the dark side of technology and how to survive it", this is a real eye-opener.

Technology is improving so many aspects of the business world but the truth is that criminals are often the most innovative adopters of technology.

Let's start with a few scary statistics from Goodman's book:

  • 200,000 new pieces of malware are identified every day;
  • 95% of all malware is not detected by most virus checkers;
  • 600,000 accounts on Facebook are compromised every day;
  • 25% of all reviews on Yelp are bogus;
  • 11% of Facebook accounts are fake;
  • 100 million phishing messages are sent every day.

Everything is data

You can see where this is going. It's all about data. Goodman suggests that Google and Facebook are free because they are data collectors and aggregators - and yet neither uses the word "customers". They know everything you have done online and increasingly everything else as well.

In the USA, online data that is collected by third parties is not considered private, which means it can be used by anyone, from the Inland Revenue to the police. Some dating sites, for instance, share their data with data brokers. It's all there in the small print.

The point is that all that data is stored and hackers can get access to that data. Any data that is collected will invariably leak.

Everything can be hacked

Everything that is connected can be hacked. And now we are at the beginning of the internet of things. Connecting everything. Which means that nothing can be hidden and everything can be hacked, from your car to your TV. Even the video conference system in your board room can be hacked.

What can you do about cyber crime?

Goodman presents a number of tips on how to help you to protect yourself. They include:

  • Updating regularly;
  • Using sophisticated and different passwords;
  • Knowing where you are downloading from;
  • Watching your administrator settings;
  • Turning off your computer when you are not using it;
  • Encrypting;
  • Thinking before you share.

The good news, he says, is that by taking these steps you can avoid 85% of all threats.

If you want a book that makes you think about the unintended consequences of technology, this is one to pick. It also screams business opportunity. Cyber security is a hotspot.

Copyright © 2016 Ron Immink, ceo and co-founder of Small Business Can and Book Buzz - the website devoted to business books.

Friday Donut tip: securing LinkedIn passwords

June 08, 2012 by John McGarvey

This week, online services LinkedIn, eHarmony and Last.fm all suffered security breaches which saw users' passwords fall into the hands of hackers. It's not the first time something like this has happened and it won't be the last: previous victims have included Gawker and Twitter.

I've mentioned before that I think passwords are broken. But they're here to stay, at least for the foreseeable future. So for this Friday's Donut tip, we explain what you should do if you have an account with one of the affected services.

Secure your account

To begin with, be wary of any emails you receive warning that your password has been leaked. They might be genuine, but there are lots of phishing attempts going round too, so you're better off just deleting them.

The next step is easy: PANIC!

Actually, I'm just joking. You definitely don't need to panic. It's counterproductive and unnecessary, because it's actually pretty easy to secure your accounts:

  1. Go to the website of the service you use (LinkedIn, eHarmony or Last.fm)
  2. Log in using your normal username and password
  3. Use the change password option to make your password something completely new
    (Don't just change a single letter or number of your old password - use something totally different. At this stage it's a good idea to make sure your password is nice and strong. I've put some tips below)

That's it, unless - like most people - you use the same or a similar password for other things. You see, scammers aren't stupid, and they know that if you use that password for your LinkedIn account, perhaps you also use it - or something similar - for more important services, like your email.

This means you also need to change any identical or similar passwords that you use on other services. You should really have a different password for each one.

Creating strong passwords

You've probably seen the usual advice about creating strong passwords. Use upper and lowercase letters, numbers and symbols, don't use words you'd find in the dictionary, and so on. But these passwords can be devilishly hard to remember.

I like the song lyrics trick: take a memorable line from a song, pull out the first letters of each word, then wrap it in a number that you can remember.

For instance, a Rolling Stones fan might choose the first line from Sympathy for the Devil: 'Please allow me to introduce myself'. And he might be able to remember 1960, because that's the year he was born.

Shortened, it becomes 19Pamtim60. Not bad.

Alternatively, you can use a tool like LastPass to generate and remember super-strong passwords for you. John Sollars talked more about keeping passwords safe in a recent post over on Startup Donut.

Why you need a security policy

July 21, 2011 by John Sollars

Not a secure way to store passwords. (Image: Nina Matthews Photography on Flickr.)

News just in. Your computer system has been broken into! Yes, your impregnable firewall, amazing anti-virus and 99.9% secure password have all been breached. How could this be? Step forward your company employees.

Recent studies have compounded old research highlighting the astounding ignorance and negligence of employees when it comes to security. Read on to see three ways your employees can undo all your investment in security, and to find out where you may be at risk.

Strangers in the office

A Computer Weekly survey reported that only 4% of employees would challenge a stranger walking into their office and sitting down at a computer. What's more, only 3% would actually ask them for identification.

I'd hope those figures would be higher in smaller businesses, where it's more common for everyone to know everyone else who works there. But it still demonstrates why you need a system of identification of authority - like ID cards - in the office.

Passwords are key

Password security is another key aspect. Aside from the oft-discussed need to use upper and lower case letters, numbers and other random symbols in passwords, it’s how your employees remember logins that can fall short.

A common approach is to write passwords on post-it notes, then stick them under phones or keyboards. Worse, some people stick them in plain view. This gives any intruder a reasonable chance of gaining access with no tools or knowledge of your systems.

One reason passwords are such an issue is that people don't see them as being particularly valuable. One survey found 90% of commuters were happy to exchange their passwords for a free pen!

Sure, some passwords may have been fakes to get a free pen. But the statistics still show a lack of understanding about the damage even a low level user’s password can do in the wrong hands.

Approve all hardware and software

A Valentine's Day study provided random workers with CDs, claiming they contained a promotion to win a romantic holiday. In reality, the CDs sent people to a website promoting security.

The point of the exercise was that the people behind the CD were able to run unauthorised software on computers situated within a company's IT system. According to the study, 75% of people ran their CD.

And a more recent study by the US Department of Homeland Security involved leaving unmarked pen drives and CDs in company car parks, then letting curiosity do the work.

Again, no malicious code was run, but the potential for wrongdoing was there. CDs and pen drives were inserted by 60% of people. If the CD or pen drive had a logo on it, that figure rose to 90%. Scary stuff.

Get your security policy right

I hope these stories have opened your eyes to how even the simplest, most innocent notions can compromise your company’s security. Have you been hit by negligent employees? Do you think you’re at risk? Leave a comment below to let us know.

John Sollars is MD of Stinkyink.com
