Hackers strike YahooRecently, Yahoo announced that upwards of 1 billion individual accounts had been hacked. In this instance, sensitive information including names, telephone numbers, passwords and unencrypted security questions used to reset passwords were compromised.
According to security experts, the data breaches were especially significant because the stolen passwords could help online thieves to break into commercial accounts where credit card or sensitive financial information is stored.
The revelation of extensive security problems at Yahoo was only the latest in a series of major hacking incidents. Quest Diagnostics, a medical lab operator, acknowledged that 34,000 of its customer accounts were breached. The stolen data did not include credit card information or social security numbers. But like the Yahoo case, the personal info that was pilfered could be used to penetrate other accounts.
Political hackingHackers are targeting politicians and government agencies too. Prior to the 2016 election, the Democratic National Committee’s servers were compromised, allegedly by Russian intelligence organizations. Politically damaging material was released, which may have impacted the presidential contest. Cybercrime has emerged as a major threat to individuals, organizations and national security.
Experts say the hacking incidents are here to stay because the Internet was designed with openness and information sharing in mind. Security, although important, was always a secondary consideration. As a result, there will always be soft spots which cyber thieves seek to exploit.
How you can protect your information
Yahoo, Quest and other affected organizations insist they are taking steps to bolster security that will protect user data. But safeguarding sensitive personal information can depend on individual responsibility too. What can you do to keep your info secure?
1. Don’t use the same password across multiple sitesCyber criminals are trawling through vast but less secure databases in the hopes of finding the digital keys that will get them in the door at more sensitive and secure sites. For instance, if the password you use at your financial institution is similar to the one you used at Yahoo, then you are at risk.
2. Change your passwords on a regular basisChanging your passwords regularly can help keep your info safe. If there is a breach at a company or service provider you use, then you’ll be asked to reset your password anyway. However, switching your passwords consistently means you are more likely to be protected in the interval between when a breach occurs and when it is made public.
3. Consider a password managerNo doubt, remembering all your passwords and answers to security questions is a daunting task. That’s especially true now that security experts recommend using long, complex and even random passwords instead of ones that are simple and easy to remember.
However, there are apps that allow you to create a master password, which you can use to unlock an encrypted digital vault containing all your other site passwords. Some of these programs can be configured to work with your iPhone so that you can unlock your vault with a swipe of your fingerprint rather than a master password. Most of these services are cloud-based and will allow you to synchronize passwords across multiple devices.
4. Enable two-feature authenticationThis security feature is an extra layer of protection that involves logging in with a password as usual. It is followed by a security code sent to your phone, which you’ll need to enter before accessing your account. Google and many financial institutions are using this secondary form of authentication. Experts insist it’s worth asking for.
You are only as secure as your weakest linkSecurity questions were designed to make recovering passwords easier, but the fact that they are often unencrypted has actually made it easier for cyber crooks to steal personal info. That’s because the Internet is a treasure trove of public data. Digital thieves can use background checks to easily piece together answers to security questions like “What is your mother’s maiden name? If possible, choose a security question that is non-obvious, hard to guess and difficult to piece together.
Beware of phishing attempts. Cyber crooks succeed, all too often, because people inadvertently hand them the keys to their personal data. Emails urging users to click on a link to reset their passwords can look legitimate — and sometimes they are — but many are not.
Any email that does not contain your personal information (like your full name) should be ignored. Even messages that do should be viewed warily. If in doubt, do not click the link directly. Instead, type the organization’s web address in your browser manually. You should see “https” to the left in the address along with a “lock” icon. These should appear on any page that asks you to submit sensitive information. Counterfeit websites, just like phony emails, can trick people into disclosing their valuable personal information.
Hacking smart devices
The explosion in the ways we connect to the Internet increases our vulnerabilities, which cyber criminals will seek to exploit. Smart devices, iPhones and the “Internet of Things” give people greater control over their environments than ever before. However, hackers are also finding ways to seize control of them for nefarious purposes.
For example, in 2015 the technology firm Rapid7 exposed security flaws in some cloud-based digital insulin pumps, which diabetics use to manage their condition. According to the firm, hackers could remotely trigger the devices with potentially fatal results for some patients. Cybersecurity experts believe everything from car brakes to the shutdown mechanisms at nuclear power plants could be hijacked by hackers.
Cyber criminals going mobileDigital users have been migrating to mobile and so have criminals. The trend towards “Bring Your Own Device” at work has many advantages — including convenience and productivity — but it creates a weakest link situation, which businesses must address. A report by Lacoon Mobile Security found that less than 1 percent of mobile devices at large companies were infected with malware. That figure may not appear alarming, but experts insist even a single breach could cost millions of dollars.
Consumers, of course, love mobile apps. So do businesses that reap enormous profits from developing them. Unfortunately, in the gold rush to cash in on mobile apps, just 60 percent of the companies bringing them to market scan their code for security flaws.
Larry Ponemon, the founder of a think-tank dedicated to data security, insists that firms must do a better job educating employees on how to keep their smart devices secure. Solutions include software options that keep personal apps and work apps separate when they are on the same device. Failing to keep mobile units safe will allow cybercriminals to “gather vast fortunes,” cautions IBM’s Caleb Barlow.
Hackers hit on dating sitesRecently, security professionals have called attention to poor safeguards in mobile dating apps. In particular, studies indicate that 63 percent of these popular programs have significant vulnerabilities. One troubling flaw, for example, involves GPS tracking of a user’s location even when they weren’t using the dating app. The company that developed the app may only use this information for marketing purposes. However, a vulnerability in the app itself could allow hackers to misuse this data.
Ashley Madison, a dating site that arguably went too far by marketing itself as a venue to find extra-marital bliss with the slogan “Life is short, have an affair,” recently had a double comeuppance. It was breached by hackers last year and forced to pay a $1.6 million fine for lax security. The company is also facing numerous class action lawsuits from many of the 36 million clients that had their personal information exposed. In all likelihood, the hackers may have tried to use the stolen information to blackmail Ashley Madison’s clients.
Hackers peddle stolen info in the web’s dark cornersIn fact, security professionals insist there is a “dark corner” of the web where hacked information is sold. Information pilfered from companies like Target, Verizon, Quest Diagnostics, Yahoo and others is peddled to everyone from petty crooks to spammers to international spies.
In some cases, an individual database may contain a treasure trove of sensitive information. In other instances, the data may appear to be fragmentary and insignificant. However, many criminals are using big data programs to comb through the seemingly mundane information collected in order to compile a complete profile of potential victims.
Security experts insist “this is the new normal.” Keeping your personal information as safe as possible means being as aware and vigilant so that you can take reasonable precautions. Preventing crime — be it in the real world or the digital realm — begins by not doing things that make things easier for the crooks.
— Scott O’Reilly