Donald Trump, love him or hate him he's all over the media at the moment. Chances are if you read an article, it's either Brexit or Trump (sometimes it both!). Right now there's a lot of discussion regarding the US presidential elections. Trump's opponent is the democrat nominee Hilary Clinton. She's trying to become the first female US president however, she has been involved in various internet security issues regarding her private email server which resulted in the FBI saying that Hilary Clinton was “extremely careless in their handling of very sensitive, highly classified information."
The issue with Hilary Clinton's private email server is that it was very insecure. This can cause alarm in many business owners. If a member of the US government's email server is not secure, what can businesses do to protect themselves? What can you do about internet security?
Well there is hope; the FBI did mention that Hilary Clinton's server did not have any full time security staff, unlike a “commercial service like Gmail". So as long as long as you use a reputable email provider, you can rely on their servers being secure.
Your Email Is Key
Whilst it is still extremely important to protect all of your online passwords. You email is quite literally a key to almost everything you do online. If somebody has access to your email, through an inbox search, they can discover every account liked with that email. They can then use your email to reset passwords to whatever they wish. From that they now have total control of your account. This could be devastating if they manage to control an account that is linked to any bank details.
How Are People Hacked?
You might be reading this thinking “How can a hacker guess my password?" well the simple truth is, the hacker doesn't guess your password, they have hackerbots for that. By using bots a hacker can be anywhere in the world and use bots to try various password attempts over and over at alarming speeds.
A hacker bot don't usually target big websites like Google, they just can't get in. However, they can break through the security systems used in the various forums that you signed up for five years ago. The hacker then will check your username and password against other accounts on the internet because many people often use the same username and password for all the websites they use. This means once that website with low security is compromised, all of your accounts are compromised.
Many of us experience spam/phishing emails. People from various parts of the world try to get to access to personal information and passwords through these emails. James Veitch decided for research purposes, to reply to phishing emails. Whilst his presentation in the video is certainly comedic, the outcome of phishing is no laughing matter. People are scammed out of their life savings from emails claiming to be able to help them earn more money or ask for money to help them with medical conditions.
One of the most important pieces of email advice is. Only open email if you can say yes to both of these questions.
- Do I know the person/business that sent this email?
- Am I expecting this email?
We Live An Aquarium Life Online
Some people suggest that we live an aquarium life online. Some say that whatever we are doing, somebody is watching. For the most part, this is true.Advertising is a massive industry, by using the data collected by search engines and social media websites advertisements can be tailored to us. This means we are more likely to click on Ads.
Our information is so valuable, look at companies like Google. They are extremely successful and very profitable. Yet, most of Google's services are free. The information Google takes from your internet browsing patterns is very valuable to advertisers. From this information Google can target advertisements to you. This means the more information they have about you, the more targeted their advertisements can be and thus the more money they can charge for the opportunity to advertise through Google. Think of all the information you could learn from reading somebody's email? Over a few years of using email, you could figure out somebody's preferred music taste, their hobbies and other sorts of personal information that only close friends would know about. As Andy Yen said during a TED talk, Email is more like a postcard than a letter. Whereas a letter is in a sealed envelope, anyone who sees an email can read it.
Why Do People Hack
Pablos Holman said “Hackers have a mind that is optimised for discovery". He explains this through the world of gadgets. A lot of people ask, 'what is it' or 'what can it do'. As Pablos Holman explains, a hacker asks “what can I make this do?"
People hack for different reasons. Some do it to break systems so they can be rebuilt bigger, these people are known as 'white-hat hackers' or ethicalhackers. Recently it was reported that Apple is offering up to $200,000 for hackers that find security flaws in their products. It can be easy to understand the benefits of employing ethical hackers because they help businesses stay better protected against malicious hackers.
The challenge is that security teams have to protect every possible line of attack. Think of a medieval castle, it is under siege by an opposing army. That army only has to find one weak point and exploit it in order to gain entry. The defence has to make sure every possible weak point is protected and reinforced because they don't know how the opposing army will attack.
This is how the world of security works, you have to plan and protect against everything, because you don't know how or where malicious hackers will strike.
Hacked data is very valuable. Just as data collected by Google is valuable, so is hacked data. Even if a hacker cannot find anything of value from the passwords they have stolen from you, they can sell these online and make a profit that way. They do this on what is known as 'the dark net'. This is different from the surface web, where websites such as Google and Facebook exist. The dark net is a section of the internet that is highly focused on privacy and anonymity. The dark net is an incredibly useful way for journalists and activists to operate in areas of the world where they don't enjoy freedoms like a free press. Whilst the dark is very useful in this aspect, like many things, it also has a dark side. The anonymity and privacy of the dark web enables people to sell hacked data, illegal drugs and other illegal items without having to leave your PC. If you'd like to learn more about the dark web, Techquickie has a short video which explains how the dark web is used and how it differs from the deep web.
PCI DSS Level 1 Compliant
Here at Advansys, we are PCI DSS level 1 compliant. This means we have the highest possible level available with the Payment Credit Card Industry Data Security Standard (PCI DSS) which shows that all of our business processes meet the highest level of security throughout a credit card transaction.
Criminals are going more high tech. Hacking is becoming more and more accessible and the publicity surrounding various hacktavist organisations/collectives only further pushes hacking into the minds of people. Even people like Mark Zuckerberg are not safe, a hacking group named OurMine hacked his Twitter, LinkedIn and Pinterest accounts. It was also reported that apparently, Mark Zuckerberg used the same password across all three accounts “dadada" which just goes to show how important it is to keep your passwords different.
As criminals are becoming more high tech, it's very important to keep your security up to date. As well as being PCI DSS level 1 compliant, we also have fraud screening systems in place.
It is impossible to 100% guarantee that your system is 100% fraud proof; however we can bring the risk as low as possible through steps such as a 3D Secure Test, BIN/IIN Check, Maximum Value Check and Know Your Customer Checks.
For those interested in learning more, we have created a payment data and security page, where you can learn more about the following fraud checks and the steps required to become PCI DSS level 1 compliant.
What Can You Do To Stay Safe Online?
It's impossible to be 100% safe online. You can however, take steps to make yourself as safe as possible. One of the best things you can do is to something called 2-step verification. This requires you to use two passwords when you log in. The first password is known to you all the time; the second is temporary and is sent to you usually from either a phone app or a text message.
This can make your accounts extremely secure. Recently however, a very popular YouTuber named Boogie2988 (with over three million subscribers) was hacked even though he had 2-step verification. This was done because somebody phoned his mobile service provider and convinced them that they were the owner and asked for the phone number to be transferred to a different phone. This then enabled the hacker to use 2-step verification to gain access to their emails and other important business related accounts which led to his YouTube account being deactivated. For any professional to lose their business's online space, is a devastating loss.
There is hope however. This is an extremely rare case. The chance of a hacker knowing enough personal details about yourself (such as your name and phone number) is unlikely, unless you are a professional who is in the public eye (like a YouTuber). So for most people, 2-Step verification is a great step to protect your account. For those who would like to learn more about how Boogie got hacked, he released a video explaining how he was hacked and the steps he has taken to protect himself from similar attacks in the future.
You can also protect yourself with what is called a password manager. Lastpass and Keepass are popular examples of password managers but many others are available. These programs store extremely hard to crack passwords that will be different for every website. Complete words or a series of logical numbers like “October87" are significantly easier to crack than a password consisted of random characters like “sL8@#qpwoEI" (which would take 400 years to crack, according to https://howsecureismypassword.net/ ). This is where the password manager really earns its high praise. With a password manager, you can create a single password, for the manager and then have passwords so difficult to guess that you can't even remember them for everything else.
You need to protect your password manager because if your password manager is compromised, everything is. The best way to do this is with a very strong password that you change often. Think of your password in a similar way to your bank card. If you lost your bank card, you would immediately phone the bank and have the card cancelled. So if you suspect your password is compromised, change it as soon as possible.
A strong password would be at the maximum character limit, but if you struggle to remember that many then you should make it at least 10 characters long. Also include both uppercase letters, lowercase letters and also include numbers and special characters (like @ and #).
If you take these steps, whilst you're not “unhackable" you're as close as you can realistically hope to be.
Don't Risk Security – Choose Advansys For Secure eCommerce
At Advansys, we have worked with many businesses over the years providing them with secure eCommerce solutions.
If you're concerned about internet security or you'd like to learn more about the secure eCommerce options available. Call our team of specialists today on 0845 838 2700.