BreachExchange mailing list archives

Why you’re not as secure as you think you are


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 22 Aug 2014 14:40:16 -0600

http://net-security.org/article.php?id=2104

There are 2.4 billion Internet users in the world today. Many of these
users, in good faith, leave their personal online security up to their
service providers. Sadly, time and time again, we see these companies fail
to effectively protect sensitive customer data.

Why are there so many breaches?

Since 2013, there have been close to 1 billion records stolen as a result
of data breaches. In the last year we have seen some of the most prominent
organizations fall victim to cyberattacks.

The Heartbleed bug became another major issue as the bug created a
vulnerability in the way browsers communicate to secure websites. The
vulnerability was discovered in the OpenSSL cryptographic software library
that is commonly used on servers utilized by banks, email providers, social
media companies, etc.

Attackers were able to listen in to communications between the server and
customers to steal passwords, personal data and more. While users were
prompted to change all passwords and create new, stronger passwords, many
of them were seemingly unaware of the seriousness of the security breach
and the Heartbleed bug still continues to be a problem.

eBay fell victim to hackers in one of the biggest hacks to date. Users’
personal names, usernames, encrypted passwords, email addresses, phone
numbers and date of birth were all stolen from its database. Even though
passwords were encrypted, poorly designed passwords can be cracked and used
by the hackers.

Target was also the victim of a hack when customer names, credit and debit
card numbers, expiration dates and CVVs were involved in the information
theft. Forty million credit card numbers were reported stolen from the
company’s 1,797 U.S. stores. Security experts believe that hackers had
access to the point-of-sale data, which means they either accessed the
terminals where customers swiped credit cards, or that they collected the
data as it moved from Target to credit card processors.

Are hackers getting smarter?

Hackers are not necessarily getting smarter but with the vast amounts of
data that can be stolen, they are becoming more organized and
sophisticated. In the last year, hackers have developed more advanced
approaches to steal valuable information and leave users completely
oblivious. Hackers have managed to effectively manipulate certain online
platforms to mimic popular websites enticing consumers to enter their data.
Hackers have also developed new bugs to infiltrate data centers and take
precious user information.

Are users more vulnerable?

Today, online users are more vulnerable than ever before because there is a
lack of awareness. Consumers take reasonable precautions to protect their
information, but sometimes these measures are not good enough. With the
growth of numerous online channels for shopping, banking and
communications, consumers’ sensitive data is an easy target for hackers
when a company is hacked. Increased use of social media and displaying
important personal information also puts consumers at risk as it allows
hackers to learn more about the targets’ lives.

With the growth of new mobile platforms, mobile data traffic is up 81
percent from 2008 to 2013. These platforms often save sensitive data and,
through cloud synchronization, this data is available on multiple devices.
If one device is lost or stolen, this can open the door for hackers to
access personal accounts – or worse – steal the users’ identity.

Even with the newest security measures some individuals take, no one is
ever as secure as they think. Here are some security and privacy tips to
always keep in mind:

1. Be mindful of links, even from trusted sources: If you are sure you wish
to visit a link a friend or business sends you, just type in the URL
instead of clicking the link as it may lead to a fake site created to steal
information or compromise your computer.

2. Own your online persona: Check your profiles often to be certain the
correct information is listed and that security and privacy settings are
set to the level you wish them to be. This is especially true for social
media sites as they often change their privacy settings and could actually
change yours by doing so.

3. Own your personal information: Be careful what information you post
online and who may see it. It is easy to steal your identity when
information such as name, age, birthdate, education, etc. is known. It’s
also easy for hackers to just hit the “Forgot Password” button and then
find the answers to your security questions by using search engines to find
your children’s names, mother’s maiden name, city of birth, etc.

4. Use social media with caution: On social networks, be careful about
adding apps, plugins, or other extras as they can be used to garner
sensitive information about you and your friends. Always read carefully
what these extras wish to have access to, e.g. a game or app does not
necessarily need to have access to your calendars, friends, and so on for
you to play a game.

5. Be mindful when "checking in": Using apps that share your location gives
away private information and becomes not only an online threat but a threat
to your personal security as well. Make sure the social media network or
geolocation app you are using has the privacy settings you wish. While it
is nice to let your friends and family know what you are doing and where
you are, it can also let criminals know you aren’t at home.

By taking the necessary precautions online, we can all become a little
safer and keep our information protected.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
