Information Security Today Home

New Books

Business Continuity Planning: A Project Management Approach by Ralph L. Kliem and Gregg D. Richie; ISBN 9781482251784
Securing Systems: Applied Security Architecture and Threat Models by Brook S. E. Schoenfield; ISBN 9781482233971
Cybersecurity: Protecting Critical Infrastructures from Cyber Attack and Cyber Warfare by Thomas A. Johnson; ISBN 9781482239225
Touchless Fingerprint Biometrics by Ruggero Donida Labati, Vincenzo Piuri, and Fabio Scotti; ISBN 9781498707619
The Frugal CISO: Using Innovation and Smart Approaches to Maximize Your Security Posture by Kerry Ann Anderson; ISBN 9781482220070
Security without Obscurity: A Guide to Confidentiality, Authentication, and Integrity by J.J. Stapleton; ISBN 9781466592148

Three Questions about Online Security

By Jon French, Security Analyst, AppRiver

When you give your personal information to a financial institution, government, or insurance company, you have a certain level of trust that they will do everything in their power to keep it safe. It's easy to forget that at the same time you're filling out paperwork online, in the dark world of cybercrime, hackers are doing everything in their power to get your information. Yes, your information. And yes, the UK's National Crime Agency warning that cyber criminals are constantly coming up with new ways to hack victims is worrying, but it's not the only weapon in the hackers arsenal.

In recent months many high profile organizations have had their systems breached, and customer data stolen. Experian, Carphone Warehouse, and the UKs NHS have all had their virtual filing cabinets ripped opened and their records rifled through.

The big question many ask is why hackers want this information, what they do with it, and how can people safeguard themselves.

Why do they want my information?

Some hackers just enjoy a challenge. Some want to become infamous. Other are self-titled hacktivists. But more are in it for the money, and the bigger the data breach—2.4million at Carphone Warehouse alone—the more opportunity they have to make it.

What do they do with my information?

Depending on how much information is taken, a hacker could try to open lines of credit in your name. With a home address, national insurance number, and first and last name, a hacker has just about everything he needs to apply for a credit card online, or even a loan.

Maybe you don't have a lot of money in the bank or the best credit score. But if a hacker stole £100 from 100 people, he’d have £10,000. And while you'd probably notice and question a £100 charge you couldn't remember making, you would be much less likely to question a £20 charge you couldn't remember making. It's not that they're targeting you; it's that they are targeting everyone as a whole. Of course, there are always those bad guys who will just open up as many credit cards in your name that they can and max them out even more quickly.

There’s also the case that we saw with Ashley Madison where hackers ran spam campaigns against customers on the list that was released onto the Dark Web. These spam and malware campaigns extorted the customers in exchange for not outing them to their families and friends. While blackmail spam campaigns are rare, since they normally require much more work than lifting an NI number from breached files, they could certainly be used—especially when emotions are involved.

How can I safeguard myself from this happening?

Between online banking, insurance, and medical forms online, it's nearly impossible to control where your information is stored and who has access to it. However, you can take some personal steps to keep your information safe and learn some proactive steps too:

  • Routinely check your credit score for suspicious activity, or even enroll in a credit monitoring service. It's much easier to dispute suspicious charges and unauthorized lines of credit sooner than later. Many financial institutions have time limits on how long you can wait to dispute a charge.
  • Create strong passwords and change them routinely. P@$$w0rd may seem like it's a clever password but, actually, it's not.
  • Don't take the bait. You may think you'd never fall for a phishing scam, but hackers are getting creative. We've seen some very legitimate-looking emails from credit card companies and online stores "alerting" users that their cards have been blocked, requesting the users "confirm" their billing addresses and credit card numbers to restore access.
  • Don't let the Trojan horse in. If you're confused why your favorite store emailed you an attached .zip receipt for a purchase you didn't make, it's because that .zip attachment contains a Trojan virus. Opening that attachment can execute a command to turn your computer into a botnet, download a keylogger, or just completely lock up your computer until you pay a ransom. You can always confirm your purchasing history with the store's customer service department or log into your online account.
  • Cover yourself with layered online security. You can shield your home or business from online threats with email spam and virus filtering and Web protection. Email spam and virus filtering keeps malware from finding you, and Web protection keeps you from finding it.
  • Don't forget the updates. Updates often contain security patches that can fix previous gateways for malware. If your online security solutions don't update automatically, schedule regular updates.

 
Subscribe to
Information Security Today







Bookmark and Share


© Copyright 2015 Auerbach Publications