“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.” - Stephane Nappo

When we think of security, we picture many things. From cameras, to law enforcement, to simple work procedures and OSHA regulations, our life is focused around our own safety and well-being. We often forget that, in an age riddled with smart devices, the looming threats are those we cannot physically see. During the latter half of the 20th century and at the dawn of the 21st, technology has made rapid advances. Many goods and services we use every day are now available at the touch of a button, driven by the data and the information that makes up your digital life. But how can we protect ourselves, when the only thing standing between you and your vital information is a screen?
Even the largest companies in the world are vulnerable to a data breach. Companies like Twitter, Google, Yahoo!, and even brick-and-mortar retailers such as Target and Walmart have been attacked in various ways, exposing credit card data, login credentials, Personally Identifiable Information, and other important private information. Most often this is done via malicious code that an outsider has planted in the protected systems, taking advantage of software bugs that may or may not be known to the vendor of the system with the flaw.
Malicious actors plant software that can skim credit card information from card readers or system memory. Software can also be placed on a system that will then lock it down until a monetary payment is made. This is known as ransomware. This type of cyber-crime can affect big and small businesses alike, not to mention the havoc malicious software can wreak on private citizens.
Social engineering also plays a large role in the theft of data and credentials. Social engineering is a tactical approach to obtaining user information by gaining the trust of the user through social and psychological tricks. This ranges from phishing emails pretending to be Netflix, Amazon, or another provider, to spoofed calls and messages on social media platforms asking for the favor of sending gift cards to your long-lost uncle, or immediate gift card relief to prevent prosecution by the IRS!

“You are an essential ingredient in our ongoing effort to reduce Security Risk.” - Kirsten Manthorne

Thousands of individuals are targeted in these ways, and as technology advances, information becomes easier to obtain. This is why it is important to protect ourselves from these threats.
There are several things casual users and technology professionals alike can do to ensure our personal information is safe from threats and theft. The first line of defense is a secure password. A password is best when it holds significance to the user, but would not have significance to anyone else. We suggest choosing two words that are not obviously tied to the user, but that the user would remember. For example: instead of using a birthday, address, or part of your name, use words that pertain to something relevant in your everyday life, perhaps with no relation to each other. Your password (actually more like a passphrase) should be a combination of capital and lowercase letters, numbers, and special characters as well, to avoid being easily guessed or plucked from a dictionary. (H@ngarTea52 and DeathTree44870 are two examples to show the end results of this thought process.)
This also has the benefit of being easy to remember, making it likely that end users will never write their passwords down in the struggle to remember, sigh, ONE. MORE. PASSWORD.
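For readers who want to test a candidate against the two rules above (mix the character classes, and avoid birthdays, addresses and names), here is a small checker. It is an example added to this article, not a tool the authors provide; the function name, the look-alike table and the sample personal details are assumptions made up for the demonstration, and it does not try to judge whether the two words are in a dictionary.

```python
import re

# Character classes the article asks a passphrase to combine.
REQUIRED_CLASSES = {
    "an uppercase letter": r"[A-Z]",
    "a lowercase letter": r"[a-z]",
    "a number": r"[0-9]",
    "a special character": r"[^A-Za-z0-9]",
}

# Common look-alike substitutions, undone so "J@ne" is still recognised as "jane".
# This table is an assumption of the example, not an exhaustive list.
LOOKALIKES = str.maketrans(
    {"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s", "!": "i"}
)


def check_passphrase(candidate, personal_facts):
    """Return a list of problems; an empty list means both rules are met."""
    problems = [
        f"missing {label}"
        for label, pattern in REQUIRED_CLASSES.items()
        if not re.search(pattern, candidate)
    ]
    lowered = candidate.lower()
    decoded = lowered.translate(LOOKALIKES)
    for fact in personal_facts:
        needle = re.sub(r"[^a-z0-9]", "", fact.lower())
        # Very short fragments ("al", "12") would match by accident, so skip them.
        if len(needle) >= 3 and (needle in lowered or needle in decoded):
            problems.append(f"contains personal detail {fact!r}")
    return problems


# Constructed sample user: name, birth year and street are made up for the demo.
SAMPLE_FACTS = ["Jane", "Doe", "1987", "Maple Street"]

if __name__ == "__main__":
    for pw in ["H@ngarTea52", "DeathTree44870", "J@neDoe1987!", "maple1987"]:
        print(pw, "->", check_passphrase(pw, SAMPLE_FACTS) or "ok")
```

Run against the two samples from the paragraph above, the first comes back clean and the second is reported as missing a special character, which is easy to overlook when reading it by eye.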
The second thing you can do to help protect yourself is to be vigilant against social engineering attacks. A user should never click on a link, open an attachment, or reply with any type of personal information if they feel that something is questionable about the situation. If you receive an email that requests any type of vital data, verifying it independently will prevent scamming and theft. If there is another method of contact, such as a phone number, mailing address, or fax number provided, you can use these as tools to contact the sender in various other ways to prove the validity of the email. Contact your company's IT team if you have any doubts. They would always prefer to answer questions than attempt to recover from a cyber-attack.
Social engineering takes many other forms as well, such as mimicking popular websites, phone calls claiming to be major businesses, and even replicated social media profiles from those close to the user. Using caution and vigilance is imperative to user safety. If it seems too good to be true, it almost certainly is.

New threats cause thousands of dollars in losses to both companies and everyday users. The fallout of this can destroy lives. Taking the time to understand evolving threats in a rapidly advancing, technology-powered world will not only protect you, it will provide peace of mind. Remaining aware, informed, and vigilant, along with secure password practices, is the best way to keep yourself out of harm's way both now and in the future.

“If someone else can run arbitrary code on your computer, it’s not YOUR computer any more.” - Rich Kulawiec