We all know hacking exists, but do you really know just how easily information can be exploited and how most companies (and individuals) aren’t prepared to play defense?
Defcon, an annual Las Vegas conference for hackers to swap tips and show off their cunning technical coups, recently displayed just how easy it is to exploit you and your business, by hacking none other than... mega corporation, Wal-Mart. As Shane MacDougall, hacking artist extraordinaire and head of corporate espionage defense service, Tactical Intelligence, puts it, “Social engineering is the biggest threat to the enterprise, without a doubt. I see all these [chief security officers] that spend all this money on firewalls and stuff, and they spend zero dollars on awareness." While the state of Nevada requires all parties on a phone call to consent to phone taping, fortunately for the Defcon attendees there isn't a law against public broadcasting these phone conversations for all Defcon audience members to hear MacDougall break the mega-giant, Wal-Mart, into easily sharing their private information. Don’t be Defcon’s (or worse, a real hacker’s) next victim!
Mat Honan, was a personal victim of a real hacker who desired to wreak havoc from his twitter account. Unfortunately for Mr. Honan, the collateral damage was extreme and traumatic when his iPhone and Macbook were both wiped completely allowing his hacker full and undisturbed access to Mr. Honan's twitter handle. E-mail address, billing address, and credit card information are the only facts a hacker needs to cause such serious damage, and surprisingly it's quite easy to get a hold of this personal info with the trust we place in Apple security and online shopping carts, like Amazon.
HERE ARE SOME HACKING PREVENTION TIPS WE’VE COME UP WITH TO KEEP YOUR BUSINESS INFORMATION PRIVATE:
- Beware of phishing scams via phone... They're not just for email.
- Be careful about revealing details on your network configuration, computer systems, security systems, employee personal information, employee hours and, of course, anyone's personal identifying information.
- Have a policy in place stating what information is sensitive as well as where and how it can be shared.
- Back up data regularly. Don't be a victim of lost photographs, documents, and cyber-valuables in the case of an extreme hack. Make sure the important contents of your cell phone, laptop, tablet, etc. are backed up on to an external hard drive.
- When checking out after online-shopping, don't have the payment system remember your billing information. This stored information can later be accessed and reused maliciously against you. Take the extra time to retype your billing address and credit card information each time you check out, because it could save you from getting hacked.
- Don't link all of your important e-mail accounts. By linking your most used Gmail account with your iCloud protecting Apple ID you are providing a hacker with easy access to control all of your online presences.
- Don't use the same prefix for all of your accounts. This makes it easy for a hacker to guess what your other account information will be, if you consistently choose an identical username for everything. (i.e. designbrooklyn@gmail.com, designbrooklyn@me.com, designbrooklyn@designbrooklyn.com)
- When in doubt, just say “No!”... here's how:
- Tell the caller you are more than willing to give them any and all information, but can they please hold while you locate your rolodex, then place the phone down, walk away, and forget about them. (**Kudos if you place musak near the phone, either full blast or just soft enough they can barely distinguish the well-known sax melody.)
- Talk to them like a dog: very forceful and short, "No! Bad dog, bad bad dog... No!"
- Say you are going through a tunnel; Proceed to make the loudest, most annoying static noises and hang up. (A favorite for land lines.)
- Start speaking in any foreign language. Don't know one, make one up!
Awareness is key, so we hope you implement these precautionary measures and beware of hackers. Although feel free to give us a list of businesses you'd like to prank, because DB would love to attend Defcon 2013!
If you do chose to keep a hard copy of your login and other connection credentials, be sure they're not in a place where your dog could eat them. We learned our lesson the hard way!
For more information: money.cnn.com/2012/08/07/technology/walmart-hack-defcon/index.htm and www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/
