The online world is so vast; it’s a vortex of data and a gateway for hackers. Just follow these straightforward and simple tips, which will make it harder for hackers, and keep you secure, writes Richard Cassidy, technical director EMEA, Alert Logic.
Open wireless access
As you take a seat on the comfy leather sofas in Starbucks, slurping on your foamy Café Latte, the next stage in the ritual is to catch-up on emails, read the latest news, listen to a podcast or just generally conduct web searches … but STOP. Most mobile devices now automatically connect to wireless networks but open wireless networks are inherently insecure. You are giving hackers easy access to your contacts, pictures, data, and possibly even your company data – making the exfiltration easy. Hotels networks are not exempt either. In fact, the issue with the tourism and leisure trade is that they focus more on getting customers writing great reviews on Trip Advisor and far less focus on the security of their IT infrastructure.
The DarkHotel threat, for example, is still prevalent. In short, the hackers infiltrate the hotel network before the guests arrive. By doing this, they know who the guests are going to be and, when the guests arrive, they inject spear phishing emails into the network which guests then click on and BINGO the job is done. The best you can do as a consumer is limit your exposure to those open networks and stick to trusted hotspot connections such as your phone’s network. The saying, when in Rome, does not apply to open Wi-Fi.
Apps – read the small print
You’re walking in the street and a stranger asks permission to use your phone. You have all of your information, photos, contact details etc on there and, of course, you politely decline. So why are you agreeing to let your apps on your phone do the same? The more access points to your data, the harder it is to retain security. Read the permissions list and tie it back to the app’s features: for example, why would a parking app need to access your photos, contacts, text messages and many more misunderstood and underestimated permissions? You’re right to be suspicious. I have a lot of apps; however my security settings are on absolute lock-down. There have been many occasions where I have not downloaded the app, for example Facebook messenger. If someone wants to contact me, they can do it the good old fashioned way!
Password recovery
Almost everybody has a password recovery set up of some sort. Most people are conscious that simple passwords are not secure, so they are making their passwords longer and stronger: but the knock-on effect of this is that hackers are looking to find the weakest link in, and so are now looking at taking over the password recovery process.’ Most of these recovery processes ask very specific questions such as: what’s your first pets name, mother’s maiden name etc. The problem is a lot of us share that openly on social media. Hacker can easily source this information and engineer a password reset for your account. Any password recovery question should have nothing to do with your life – or anything anybody could possibly know about you. Furthermore, don’t link it to an email account that has your name or anything do with you – link it to something
unscrupulous, so that people have no idea that this is your email account to link your password to. You have to always be one step ahead.
Common sense
Banks rarely communicate important account information via email, and never ask you to click on a link to access your account or to enter/provide security questions and anwers online. So, if you received an email from your bank either log-on directly to your application (without clicking from the email) or call them by phone to verify. Getting into the habit of never clicking on links within an email or opening unsolicited files will save you a lot of hassle, will keep you more secure, and is a best practice that will keep you a step ahead of the hackers. Some people store their credit card details on shopping sites. How many of us have said ‘yes save my details so I can go back and order’. The amount of exploits in browsers over the past year has been astronomical. You have to be savvy online- just enter your credit details manually! We were given fingers to type, so an extra 30 seconds of tapping could save you a fortune and a lot of unnecessary aggravation. If you know you have an account with a company that was breached – change all of your passwords – get a new credit card – protect yourself.
Companies have responsibility for making sure that they have the most secure systems, web applications and infrastructure possible to protect your data, but consumers definitely have a role to play in their own security. If you apply these small changes, you will make it a lot harder for hackers, and remember, if you are not sure – then it’s probably not secure.
