Waikato Business News December 2017/January 2018

WAIKATO BUSINESS NEWS December 2017/January 2018
15
Why rob a bank when you can steal data
In the last two years there has been more
data recorded than in the previous entire
existence of mankind.
Data breaches are occurring
with frequent
abundance but notably
recent big data breaches such
as Yahoo with three billion user
accounts and credit reporting
agency Equifax affecting about
143 million customers occurred
earlier this year.
Once acquired, stolen data is
typically sold on the Dark Web,
which is a vast marketplace
for anything and everything
illegal. The cost of purchasing
information depends on availability
i.e massive data breaches
flood the market and reduce
the cost and the type of information.
Full credit card details
including card number, CVV,
name etc could vary between
$13 ( in equivalent Bitcoin) to
$21 depending on the value of
the account. Online account
information can sell for more,
from $100 to $1000 for large
accounts (according to publicly
available information).
The value of stolen data and
the occurrence of massive data
breaches isn’t going to disappear,
it’s up to the individual
and the responsibility of businesses
to take steps to protect
your data.
Protecting your data
• Manage your account passwords,
especially your
email account - regularly
update them. I find the best
approach to remembering
passwords and one of the
most secure and hardest
to break are long phrases
strung together like “iwouldratherbefishing”
or the
lyrics from your favourite
song…
• Avoid opening email attachments
and clicking on
malicious links. This is the
most common entry point
for malware entering your
computer systems. Social
engineering of phishing
emails designed to make
you click or respond has
come a long way. Gone are
the days of the obvious to
detect poorly constructed
and grammatically incorrect
phishing emails. More
likely than not they will be
a near perfect replication of
an email you would expect
to receive from one of your
suppliers like a bank or courier
company.
o There are software applications
like Microsoft
Advanced Email Treat
protection that can help
protect your staff from
clicking on malicious attachments
or links.
• Don’t visit or use websites
that are not secure, look
for a padlock that is closed
to the left of the URL. This
ensures traffic to and from
the website is encrypted and
the web host has applied an
SSL encryption certificate.
Websites that are not SSL
protected are more likely to
get hacked.
o Websites that have been
hacked with malicious
content can infect any
visitor to the website
in what is known as a
“Drive By Attack” where
merely visiting a website
can be enough to infect
your computer systems,
especially if you are using
outdated web browsers
or older operating
systems. For this reason
it is important to ensure
your web browser and
operating systems are
modern, up-to-date and
fully patched!
o When visiting websites
you interact with you
should check their site’s
security policy so you
understand what information
they are collecting
about you and how
this information will be
used.
o Bookmark sites you use
for online shopping or
frequently use. This is
to help prevent you from
being tricked to access a
socially engineered website
that pretends to be
something it’s not.
• Limit your exposure on social
networks by tightening
up your security settings on
these sites. Most social media
sites now enable you to
define your security according
to your personal preferences.
Be careful about how
much information you post
about yourself… like your
location. “Hi I’m on holiday
overseas for three weeks”
or “just moved into my
new flat at 100 OpenHouse
Street” or financial information
such as “just won
1st division Lottery retiring
tomorrow”.
As we move into a new year,
there is no better time to reflect
on how well prepared you are
and to take steps to improve
your data protection strategy.