Waikato Business News December 2017/January 2018
Waikato Business News has for a quarter of a century been the voice of the region’s business community, a business community with a very real commitment to innovation and an ethos of co-operation.
Waikato Business News has for a quarter of a century been the voice of the region’s business community, a business community with a very real commitment to innovation and an ethos of co-operation.
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
WAIKATO BUSINESS NEWS <strong>December</strong> <strong>2017</strong>/<strong>January</strong> <strong>2018</strong><br />
15<br />
Why rob a bank when you can steal data<br />
In the last two years there has been more<br />
data recorded than in the previous entire<br />
existence of mankind.<br />
Data breaches are occurring<br />
with frequent<br />
abundance but notably<br />
recent big data breaches such<br />
as Yahoo with three billion user<br />
accounts and credit reporting<br />
agency Equifax affecting about<br />
143 million customers occurred<br />
earlier this year.<br />
Once acquired, stolen data is<br />
typically sold on the Dark Web,<br />
which is a vast marketplace<br />
for anything and everything<br />
illegal. The cost of purchasing<br />
information depends on availability<br />
i.e massive data breaches<br />
flood the market and reduce<br />
the cost and the type of information.<br />
Full credit card details<br />
including card number, CVV,<br />
name etc could vary between<br />
$13 ( in equivalent Bitcoin) to<br />
$21 depending on the value of<br />
the account. Online account<br />
information can sell for more,<br />
from $100 to $1000 for large<br />
accounts (according to publicly<br />
available information).<br />
The value of stolen data and<br />
the occurrence of massive data<br />
breaches isn’t going to disappear,<br />
it’s up to the individual<br />
and the responsibility of businesses<br />
to take steps to protect<br />
your data.<br />
Protecting your data<br />
• Manage your account passwords,<br />
especially your<br />
email account - regularly<br />
update them. I find the best<br />
approach to remembering<br />
passwords and one of the<br />
most secure and hardest<br />
to break are long phrases<br />
strung together like “iwouldratherbefishing”<br />
or the<br />
lyrics from your favourite<br />
song…<br />
• Avoid opening email attachments<br />
and clicking on<br />
malicious links. This is the<br />
most common entry point<br />
for malware entering your<br />
computer systems. Social<br />
engineering of phishing<br />
emails designed to make<br />
you click or respond has<br />
come a long way. Gone are<br />
the days of the obvious to<br />
detect poorly constructed<br />
and grammatically incorrect<br />
phishing emails. More<br />
likely than not they will be<br />
a near perfect replication of<br />
an email you would expect<br />
to receive from one of your<br />
suppliers like a bank or courier<br />
company.<br />
o There are software applications<br />
like Microsoft<br />
Advanced Email Treat<br />
protection that can help<br />
protect your staff from<br />
clicking on malicious attachments<br />
or links.<br />
• Don’t visit or use websites<br />
that are not secure, look<br />
for a padlock that is closed<br />
to the left of the URL. This<br />
ensures traffic to and from<br />
the website is encrypted and<br />
the web host has applied an<br />
SSL encryption certificate.<br />
Websites that are not SSL<br />
protected are more likely to<br />
get hacked.<br />
o Websites that have been<br />
hacked with malicious<br />
content can infect any<br />
visitor to the website<br />
in what is known as a<br />
“Drive By Attack” where<br />
merely visiting a website<br />
can be enough to infect<br />
your computer systems,<br />
especially if you are using<br />
outdated web browsers<br />
or older operating<br />
systems. For this reason<br />
it is important to ensure<br />
your web browser and<br />
operating systems are<br />
modern, up-to-date and<br />
fully patched!<br />
o When visiting websites<br />
you interact with you<br />
should check their site’s<br />
security policy so you<br />
understand what information<br />
they are collecting<br />
about you and how<br />
this information will be<br />
used.<br />
o Bookmark sites you use<br />
for online shopping or<br />
frequently use. This is<br />
to help prevent you from<br />
being tricked to access a<br />
socially engineered website<br />
that pretends to be<br />
something it’s not.<br />
• Limit your exposure on social<br />
networks by tightening<br />
up your security settings on<br />
these sites. Most social media<br />
sites now enable you to<br />
define your security according<br />
to your personal preferences.<br />
Be careful about how<br />
much information you post<br />
about yourself… like your<br />
location. “Hi I’m on holiday<br />
overseas for three weeks”<br />
or “just moved into my<br />
new flat at 100 OpenHouse<br />
Street” or financial information<br />
such as “just won<br />
1st division Lottery retiring<br />
tomorrow”.<br />
As we move into a new year,<br />
there is no better time to reflect<br />
on how well prepared you are<br />
and to take steps to improve<br />
your data protection strategy.