The CIA, Your ISP, And You
With new details coming out on the regular thanks to Wikileaks and the bowels of internet, we are learning more and more that privacy doesn't exist. At least, privacy should not be assumed. This is something individuals and organizations have to actively pursue. Be it from the prying eyes of random hackers (likely), your ISP (less likely), or state-sponsored hacking (less likely), your information is being searched for. Protecting your data is up to you. So in this article, we explore some common ways people and organizations are compromised, how to prevent them, and more.
Billions Of People Down, Billions To Go
Unsecured Database - This is sadly all too common, and results in big headlines. Unsecured Databases happen when hosting services are set up incorrectly, resulting in massive amounts of user data being available online. You may remember stories such as the 1 Billion E-mails Being Stolen From Yahoo! and Ashley Madison Data Breach.
Weak Default Passwords - Pretty self explanatory, and one of the easiest to avoid, but rarely done. A personal example, in an earlier life, I worked for an organization that had their employees change their passwords every 3 weeks, to a new password, that they couldn't use for the next 5 password resets. You know what this kind of strict and overly-protective policy lead to? A plethora of sticky notes around the office with every employee password. Simply too much to remember. And they were all simple to boot. For an example of a major hack resulting from this, read Anthem and how 80 Million Customer Records Were Compromised.
Phishing Attempts - Probably the most common and hardest to avoid scam. Phishing results from someone with permissions inside the organization to have their information stolen. This can then be used to back-door their way into an otherwise secure system, and pull information out. The reason I mention it to be the hardest to defend against is that humans are gullible. And all the intruders need is for one person to click a link or go to the wrong webpage. Hacks reportedly happen due to this include the U.S. Government Loses Personal Information of 25.5 Million Americans.
Security You Actually Use Is The Best
Password Managers - A password manager is a service that helps a user store and organize passwords. Passwords that are stored are encrypted, requiring the user to create a master password: a single, ideally very strong password which grants the user access to their entire password database. These are useful, as a single well made password is more convenient than dozens of weak passwords spread across services. Convenient protection is the best protection.
End To End Encrypted Messaging Applications - Whether you have to worry about your own data or a large organizations, encryption could make all the differences. More and more services are offering this, including even the big names like Facebook and a plethora of private industries. Use them to your advantage, because even if your chat log is stolen, it would take much more effort to decrypt the messages than it is worth. Note: This does not mean NO ONE EVER will be able to read them. Simply that if it takes months to decrypt one message, it's probably not worth anyone's time to go through an entire exchange.
Malware Software - Take your pick. At this point, the large names in this field are all about equal in prevention when it comes to malware. Even Microsoft's built-in Malware Protection is comparable to some of the subscription services. But always have at least one on every computer you come in contact with. Not only that, but that the definitions (the part that tells the software what to defend against) is up to date. Many threats are variants or even just plain known malware, and are easily detected by a reputable anti-malware service. Examples: Norton, AVG, Avast, etc...
Big Tools For Big Business
Penetration Testing - Used exclusively for businesses that can afford someone working day and night to breach your defenses. The idea is simple, know thy enemy. Cyber-security professionals can be paid to ferret out attack vectors that would otherwise be used by other hackers. This can be a simple check to make sure all your passwords are set, to someone actually pretending to be an employee and walking into your building. Very time consuming, but invaluable in the long run.
Farm It Out - Let's face it, most businesses out there are not cyber-security firms. They are small to medium businesses who would rather spend their hours working to provide a better service or product than making sure their databases are properly protected. Enter cyber-security companies who will manage and monitor your systems for you. Available at all price points, would highly recommend checking this option out if you have the money to spare.
Education - The final piece to the whole puzzle. If your employees don't know common safety practices online, then all of the others can't help you. Teaching your employees the value of keeping secure devices. Complex passwords and password managers. Why they shouldn't click on that weird e-mail link they just received. Why browsing strange sites on a work device is a bad idea. The weakest point of any security solution is going to be individuals. Can not highlight the importance of this enough.
Personal Tips For Personal Business
Up To Date Applications - At some point in time, every security flaw was new and unknown. But once something is discovered, many companies push updates as soon as possible to protect their users against them. This is why it is paramount to keep everything as updated as possible. A smartphone, laptop, application, or anything out of date longer than a couple of days is especially at risk. Keep those devices and apps secure by updating regularly.
Common Sense - It's one thing to have common sense. It's another to be tech savvy enough to apply it. Similar to the enterprise experience, knowing the best practices to protect yourself leads to a more secure experience. Don't click on links in e-mails. Use an ad-blocker. Use anti-virus software. Password managers are important. Be wary of the internet, and you'll find yourself head and shoulders above the average user.
In The End, No Device Is Safe
I know after reading all of that, you must think it's pretty hard to be safe. And the short answer is, it is. Simply put, no device is safe. The only way to make sure your data can't be access is to either physically destroy it, or use computers that aren't connected to the internet. Suffice to say, both of those aren't in the cards in such a connected world.
But the game of security isn't just about being perfect when it comes to security. It's about being better than the person next to you. Remember how you don't need to be faster than the bear, but the person next to you? Same idea. Hacking is about getting as many people in your net as possible, and if one person is going to take more than minutes to breach, odds are, they will move on to easier data. Advice is excluded for celebrities/targeted attacks, but for 99.9% of you out there, hiding in the masses is your best defense.
Good luck, and don't make your password "Password".
Written By: Ben Crossman
Host of the Computer America Show
Find more at www.Computeramerica.com/