By Sonia Blizzard, MD of Beaming
These days, putting your information online is something that appears to be an almost-daily occurrence. Credit card details, date of birth, mother’s maiden name – these are just a few things that we have all entered into a website at some point or another. But, where is this information going? Who can see it, and, are you sure you know exactly who has access to that information?
As we move into an ever-changing world of technology, in the article below I discuss some of the reasons why attitudes towards online safety need to change – and fast, before the future of technology catches up with us.
Online security and safety is a constantly recurring topic, yet who is actually doing anything about educating people about the implications of it? Should we be teaching classes at school about the dangers of posting sensitive information online, and, if we did, would it actually be listened to? Is it more of a cultural change that we need to adapt to and will it take a data ‘disaster’ in order for this to happen?
It sounds melodramatic, but data disasters are actually fairly common. All the time we are thinking ahead, so are the fraudsters, who are only too keen to get hold of our personal or company data, and the methods by which they attempt this are forever getting more complex.
Think of the recent story which broke out around the Angry Birds app, where US and British spy agencies were reported to frequently attempt to gain access to personal data via the mobile application, where locations, websites visited and contacts were among the data targeted.
Only when stories such as these break do the dangers of hacking come to light. But the truth is that we are only aware of the exposed cases, and there is a strong likelihood that many more attempts to hack into networks and computers are going on behind the scenes, which can often go under-reported.
As the Angry Birds case demonstrates, more often than not it is only the very basic information that is needed by fraudsters in order to get in. This story was one leaked by Snowden back in January, who was also involved in claims made against the National Security Agency (NSA).
Former NSA contractor, Edward Snowden, leaked information that the American security service was involved in industrial espionage. He made headlines after an interview took place on Germany’s ARD TV channel in which he made the accusations.
After the row broke out it also came to light that Chancellor Angela Merkel’s phone had been bugged, causing several trans-Atlantic trust issues that are still having a rippling effect.
Both of the Snowden cases highlight that the possibilities for harbouring, stealing, using and abusing data are endless, and that data can be very damaging when it falls into the wrong hands. These stories are also just a couple of examples which expose the possibility that methods such as industrial espionage – or the illegal acquisition of another company’s data or classified information – are things that companies are willing to resort to. As technology advances, I am sure that these dirty tactics will only get smarter and more complex.
The Internet of Things, for example, is a concept which has been talked about for the last few years, but unless we are able to harness the awareness of how much data will be going online, this could prove to be a very risky process.
Equipping all objects in the world with identifying devices will mean that everything will be electronically tagged, and therefore all data can be traced. You may think that your business’s information about stock or waste products is of no interest to anyone, but there could well be opportunities present in some of the least-expected places.
Perhaps your competitors, for example – how would you feel if they decided to go through your rubbish bin and dig out all your old bank statements, order forms etc.? There is the potential for this to happen digitally if businesses are not well-enough prepared and have not taken proper precautions to protect their data. Again, I think this comes back to the need to educate people on the real risks that come with network security, but I think there is still some way to go to achieve this.
Another story which broke out recently was one of the dangers of using open or unsecured networks through a mobile device – particularly for rail users who were often using the internet on their daily commute to work.
What this seemed to come down to was a lack of awareness of how using open networks could jeopardise the data being transferred from the mobile device.
Generally, if no password or login credentials are needed to access a network, the consumer will take this as a green light to log on because it means there is no complicated login process or further passwords to remember. However, what they are likely not to realise is that this is the worst type of network to connect to, because it is completely unsecured. Chances are they won’t know what or where their information is connected to – it could even be connected to someone else’s device. Bad idea!
The problem is that if the open networks are provided by a reputable company, this further reinforces the user’s sense of comfort and safety. For example, networking hotspots are often found in airports, so an everyday traveller would assume that the network was being accessed by thousands of people and therefore potentially wouldn’t question its authenticity.
This could equally apply to your business premises. If your business allows employees to bring in their own device, is your network safe for them to use, and, equally, do you know who is accessing theirs, and your, information?
Your company should have an effective BYOD (Bring Your Own Device) policy in place but if it doesn’t, it is important that there is an enforced awareness throughout the organisation of the ways in which data could be compromised.
Legitimate vs non-legitimate hacking
Trouble is, this brings about another issue: legitimate hacking vs non-legitimate hacking. In other words, authorised members of staff who may well need to access a network from a remote location (legitimate) and the traditional hackers, otherwise known as “crackers”, who are up to no good. But how do you differentiate, and is there really a way you can just filter out the bad hackers?
The answer, in short, is yes and the best way to do this is through a private network.
Virtual Private Networks (VPNs) should ensure that only those authorised to do so can access data, even if they are out of the office. These networks are also a cost-effective way to connect to other offices, if they are in alternative locations.
A lot of hacking comes from within. Malicious insiders could have access to a plethora of information, and all they’d need is a USB stick, or to use data file transfer systems such as Dropbox, to pull down someone’s IP without having to hack into anything.
Talking of Dropbox, this is another area which presents a real cause for concern to me. Just like BYOD, it carries a huge risk to the protection of your company data. Why? Because it is cloud based.
Where is this cloud everyone speaks of? Can you really say you know exactly where all your information is located and who has access to it at all times? If not, would you consider the cloud as the concept of “another person’s computer”? When you do, does it concern you a little more about how well your company data is being protected?
If you use Dropbox, the chances are you will rely on it for your day-to-day storage and sharing of files and data across your company and, when used securely, this can be a great tool. However, if someone hacked into it, they could potentially have access to all your company information, which is potentially disastrous. Not only could you put all your data at risk, but that of your clients too.
Again it comes back to the point that Dropbox, in itself, is still a reliable and trustworthy source. To the unsuspecting person, this would be seen as the best way of transferring information, and in theory it is – until you start to think of it as “someone else’s computer”.
This thinking could also be applied to other sites which use similar cloud-related technology – how secure is your Facebook profile, for example?
Not only has Facebook been under fire recently for the way in which it uses its users’ data and profile information, but it is also a hackers’ paradise.
Sure, it’s password-protected, but is that really enough? Hackers only need basic information such as your full name, date of birth and first line of address, which is usually visible on your profile without even logging in to the Facebook site itself. How much of this information is present on your profile right now? Even mother’s maiden name can be easily guessed through your friends list – are people listed as cousins? Aunties? Uncles?
This is all information which is voluntarily being handed over on a day to day basis and there is little responsibility from the users in terms of how safe this information really is. Both well-educated companies in the know and fraudsters alike will be banking on the average user letting their guard down when it comes to data – and when that happens, that is the perfect time for them to strike.
So what does this boil down to?
I feel at the moment, this is still on a very small scale – so now is as good a time as any to really get stuck into ways in which we can begin to protect ourselves from the risks of network security, both in our work lives and in our personal lives.
The world is about to explode with technological activity and the internet is set to be at the heart of that. That’s why the remote access aspect is only one small part of the issues regarding the future of technology.
For starters, investing in a private network is the best way to go as it’s a sure-fire way to keep hackers out whilst keeping authorised members of staff in.
It would also be an idea to re-approach attitudes towards security in your organisation and help to ditch the blasé attitude to what information is being shared online and how you are storing your data.
Finally, check your firewall settings. Could you install more firewalls to back each other up if one were to fail? When it comes to protecting your company data, it’s always a good idea to double up on security, yet most organisations will only use one firewall to do this. It could be that this single firewall is protecting a multi-million pound business, and all could be lost if it were to fail.
So in 2015 and beyond – be prepared. Analyse your network behaviour, secure your firewalls and instil a better attitude towards protecting data. This should help give you a more secure way of working and keep the hackers at bay!