[BreachExchange] Businesses need to nail the basics to deter online hackers

Audrey McNeil audrey at riskbasedsecurity.com
Fri Aug 26 15:49:58 EDT 2016


http://www.freshbusinessthinking.com/businesses-need-to-nail-the-basics-to-deter-online-hackers/

Concerns about privacy online have exploded in the last couple of years.
When services began moving online, anxieties emerged around personal
identity theft, which saw people forced to use more complex passwords on
websites where they would be inputting personal information. Then security
questions appeared to add an extra layer of protection, and now passwords
on certain websites, such as Hotmail, have to be changed after a certain
amount of time.

But a trend is emerging for hacks that are more advanced, that don’t just
affect one individual at a time, and can’t be prevented by simple security
questions. Big data is one of the biggest marketing buzzwords of our time,
and hackers are now utilising this and moving on to conduct mass data
breaches, so that they can get more information quickly. These kinds of
hacks are becoming common, and businesses are struggling to work out how to
defend against them.

In the last decade, brands such as LinkedIn and eBay have fallen victim to
this kind of hacking. The latest of these high-profile hacks is Sage, one
of the UK’s biggest software companies, which has recently experienced a
major data breach – one which appears to be from an internal source,
further fuelling concerns that no business is safe.

If these huge companies with their big budgets can’t protect themselves, do
the likes of SMEs even stand a chance? And as the world progresses online,
what can businesses do to prevent being hacked?

There are a number of steps that any business (or individual) can take to
add extra protection against hackers.

Lying might be the best policy for your security questions

Security questions were brought in as soon as hacking became more common.
But a lot of the questions are worryingly easy to guess, particularly with
the rise of social media meaning that people now willingly share more
personal information with the world than ever. Do you think it’s really
that hard to find your mother’s maiden name? Or the name of your pet?

That’s not to say that security questions aren’t important, but in this
case lying is actually the best policy. Make up the answer to the question,
so it’s something that no-one could ever guess.

Think twice about linking up social accounts

Phishing – where fraudsters send an email directly to you posing as an
important company, asking for you to update important information such as a
password, or credit card details – is one of the original hacking methods
and remains one of the most common. This is also a technique used to hack
social media accounts. If you’re a business with a big social following,
you could be a target.

Linking your Facebook, Twitter, and Instagram accounts is tempting as it
makes posting content much faster – if your business posts multiple times a
day this can be a godsend. But this makes it easier for a hacker to take
control of all of your accounts. If they’re linked, it won’t be long until
they’re controlling your entire brand messaging on social. Keep them
separate, make sure you use different passwords on every platform, and also
make sure you only give the passwords to a small number of staff – which
brings me on to my next point.

Remember that not all hacks are from an outsider

The latest Sage hack by one of its own employees has highlighted the need
to consider that you could be attacked from inside your company. You’re not
just at threat from malicious outsider hackers, and for the most part it’s a
lot easier for an internal source to get hold of your data. It can be hard
to digest that a member of your own staff could be involved, but
particularly if you’re a growing company recruiting often, you can’t always
be 100% confident that someone doesn’t have an ulterior motive.

Make sure that key passwords are handed out to as few people as possible,
and make the repercussions clear to employees if any member of staff
attempts to access data without permission, as a deterrent.

Ultimately, it’s impossible to be completely out of harm’s way when it
comes to being hacked. Hackers will continue to evolve with the
advancements of the internet. But you can’t drop your defences completely.
By taking some precautions you can put barriers up and deter hackers from
targeting you.