Information security could not be more topical at the moment, and information (often stored on multiple devices) is now just as valuable to criminals as our physical possessions. This means, in the same way you set intruder alarms and invest in home insurance, taking protective measures for your information and data needs to be a priority for everyone.
Technology really does seem to be man’s best friend now. We rely so heavily upon it to store and transfer data at the push of a button, and much of this information could be very valuable should it get into the wrong hands. Our reliance on technology means that it is has created a new breed of criminal – one ready to take advantage of any information security vulnerabilities they can find in order to gain unauthorised access to data. They could target either individuals or entire organisations depending on their skillset and level of commitment. The relative ease at which cyber-crimes can be committed (it’s easy, e.g., to send tens of thousands of phishing emails in under a second), and the sheer amount of information stored on computers, means that digital information security is perhaps the most at risk; a fact that means the steps we take to protect ourselves need to be improved.
Approximately 4,000 malware attacks are happening every day, many of these being ransomware, where criminals lock/encrypt the user’s device and demand a payment in order to undo their actions. Teamed with the fact that 230,000 new forms of malware are being developed every day, burying our heads in the sand definitely won’t help mitigate the risks.
Problems from Within
It’s important to remember that no organisation is immune to information security breaches. Many business heavyweights have been exposed as victims to cybercrime. Ebay, the online auction giant, was hacked in 2014 for example, resulting in the criminals getting hold of the details of 145 million users. The perpetrators were able to get into the network using the credentials of three corporate employees. This entry point gained them access to everything, eventually exposing the databases with customer information.
Names, addresses and passwords were compromised, although thankfully users’ credit card details were stored elsewhere. All the same, the company was criticised due to the amount of time it took them to contact users about the breach and prompt them to change their passwords. This solution should have been enacted much more quickly than it was, and put peoples’ data at an unnecessary risk – especially those who re-use passwords across other platforms and services. As a result of the scandal, user activity on eBay declined, highlighting that even the most successful household names can be tarnished by information security breaches.
Criminals can use emails to send malware, e.g. in malicious attachments, or by prompting recipients to click on hyperlinks that really begin a download process. By downloading unknown attachments or clicking on such links, users could inadvertently download malware that could infect the entire organisation’s network. They may also download a means by which for hackers to have permanent entry points to company servers, data bases and so on. These can go unseen and undetected for months and years.
Phishing emails are another way that criminals can find a way in to gain access to confidential information via email. By posing as a legitimate source, such as your bank, criminals request information via authentic-looking, branded emails and fake websites. It only takes one recipient in thousands to fall for the scam in order to make it worth hacker’s while. Once they have the log in information or account details required, cyber criminals can access your real account or sell the information on.
Security gateways are a good way to for you to control more of what finds its way into your inbox in the first place. The gateways are able to detect and block harmful content from getting into the network, as well as preventing the transmission of sensitive data such as credit card information. This could be in the many forms of malware, phishing attacks, and general spam.
Basic email awareness training shouldn’t be considered ‘dealt with’ if you have a gateway. Although they do a lot of good in strengthening your information security efforts, human training should be a priority too. Harmful emails can still find their way into an inbox, and all it takes is one member of staff to click on a disguised link to infect the network. As such, awareness training to create a compliance culture is a must to mitigate risks and empower members of staff to spot threats and suspicious activity. A clear whistleblowing policy will also help honest employees share suspicions should they have any.
Social Media problems:
Our love-affair with social media is something that isn’t going to disappear any time soon. The average person spends up to two hours a day checking and sharing information on the platforms. The problem with this is the amount of information we are willing to share, all because we view it as an informal, fun space rather than a place that could be under threat from criminals. Unfortunately, it is exactly this attitude that means it is where hackers flock to when looking for a new victim.
Cyber criminals can use social media to build fake-profiles and connect with many people in the hopes of being accepted on their friends list. Much like with emails, it only takes one user to accept a request for it to become much easier for cyber criminals to then connect with their connections more legitimately, as in ‘friend of a friend’. One example of this came in the form of ‘Mia Ash’, a so-called London-based photographer that made links with corporate employees under the guise of working together. Once she’d built up enough connections, she sent out a strain of malware known as a trojan horse, a virus disguised as harmless, inviting people to open it. The use of social media allowed her to gain a certain level of trust with audiences from all over the world, thus spreading the malware far and wide and causing more havoc.
Social Media solutions:
The privacy settings on social media platforms allow users to control who can see the information they put out there. Users of social media should always be aware of their level of privacy, and review it regularly as settings change, particularly information shared with third-party applications. Although there are lots of social media sites out there, all with slightly different privacy settings and requirements, most social media platforms make it easy to adjust privacy under the settings page of their websites and apps.
Once again, a mixture of software/settings and awareness training is the most effective step you can take in maintaining information security