I Can Stop Your Heart at 50 Paces
Jun 17, 2013

Is your business safe from modern hackers?

The world has been stunned in the last couple of weeks by news of the death of Barnaby Jack, the famous hacker who made ATMs spit out money without so much as a bank card (an action since named ‘Jackpotting’), resulting in the upgrade of software by many big banking corporations.  He also demonstrated his ability to deliver an electric shock from 50 feet away to someone wearing a pacemaker and to deliver a potentially fatal dose from an insulin dispenser within 300 feet without the need for a serial number.  He was sadly found dead in his apartment just as he was due to attend the 2013 Black Hat conference, where he was to give a presentation on the vulnerabilities of various medical devices and give safe demonstrations of attacks.

While Jack’s intentions were noble, his work illustrates the level of threat to all modern-day businesses and individuals.  Even major companies in the technology industry have not escaped modern-day hackers.  PlayStation and Apple are but two of the major organisations that have experienced major breaches of their secure data.  The breach of PlayStation compromised over 77 million accounts and Apple’s ‘downpocolypse’ is at the very least an embarrassment: very scary stuff and certainly something you do not want for your own company.

The good news is that there are a number of policies you can put in place to safeguard your data and reputation.  Last year, writer Mat Honan was famously hacked and his digital world dissolved.  His Twitter account was hijacked and used to publish racist and homophobic comments, and all data was deleted from his Cloud account, resulting in the loss of family photographs spanning the lifetime of his child as well as preventing him from regaining access to his account.  The hacker had not set out to attack Mat’s personal information; the target was his Twitter account, purely to create havoc.  Mat himself admits that, had he followed some simple security advice, the intrusion would have stopped here and his personal and professional data would have been kept safe.

The even better news is that every one of your employees can help to protect your company’s security.  As it turns out, the most common breaches of security are not caused by super-hackers but by people with much intent but little technical knowledge.  With some basic training from you in the IT department you can stop these intruders in their tracks.

Social Engineering
Social engineering is one of the most common ways through your security.  This is a particular danger in large businesses with a high staff turnover and, believe it or not, it involves employees simply handing log-in names and passwords to the attacker.  The methods and stories vary, of course, but the usual method is for the intruder to pretend to be from the technical support team in your own IT Department.  They will claim that the individual’s computer is causing a problem on the network and request the log-in name and password.  More often than you would believe, the information is simply handed over.

Are your colleagues aware that this information would never be needed by the technical staff who will already have this access, and if such information is requested it should be reported immediately to the IT department?

Phishing Emails
Phishing emails come in many disguises.  They appear to have come from a reputable organisation such as a bank and may tell you that your account has been suspended and request your password as verification to reactivate your account.

There are many ways of spotting a phishing email and most people these days are quite savvy at detecting them.  However, some can be remarkably deceptive.  Do your colleagues know to look for misspellings, subtle differences in company logos and broken English in the text?  Most importantly, they should know that reputable companies would never ask for such personal information via email.

Email Attachments
Then there is the age-old problem of personnel receiving an email with an attachment containing a virus or Trojan horse: when the attachment is opened, the Trojan horse will create a security hole allowing remote access to your network.

The problem here is that even attachments from trusted senders could be infected if their own security has been breached.  Do you have a policy that states that no unexpected attachments should be opened until the sender has been contacted to verify the legitimacy of the document?

Weak Passwords
While it seems obvious that passwords should be highly confidential and secure, as well as hard to guess, it is still extremely common for people to use passwords such as, well… ‘password’, or even simply a repetition of their user name.  In these cases it will not take more than a few moments to gain access to the network.  There are a number of ways you can combat this issue.

  • Best password policy.  Passwords are essentially an outmoded method of securing a network and all of them could eventually be cracked.  A 100 character password would take a lifetime to guess but would be extremely impractical.  The good news is that a 12 character password containing different cases, numbers and symbols is considered a strong form of defence.  However, do you have different passwords for each account?  Mat Honan himself admits that had all his accounts not been ‘daisy-chained’ the effects of being hacked would not have been nearly so great.

  • Two Factor Authentication.  This is the concept behind the use of ATM cards: the security is created by a combination of what the user has (the card) and what the user knows (the PIN number).  This method can also involve a thumbprint or facial recognition.  The key is that as well as a password, some other form of information is also required to access a network.  A common method is the use of a smart card in combination with a password.

  • Password Managers.  Once considered a bit of a risk, as one password could unlock all the passwords for a user, there are now useful password managers on the market.  They come in many different guises, from Cloud based software to mobile devices, and are a way of being able to use many long effective passwords while only having to remember one extremely strong combination of characters.
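
The password criteria from the list above (12 or more characters with mixed case, numbers and symbols, not ‘password’, not a repeated user name, a different password for each account), as an added Python example that is not part of the original article.  The function names, the short common-password list and the sample entries are assumptions constructed for illustration, for a check a user runs over their own password-manager entries.

```python
import string
from collections import defaultdict
MIN_LENGTH = 12  # the length the article calls a strong form of defence
COMMON = {"password", "123456", "qwerty", "letmein"}  # constructed sample list, not exhaustive

def is_username_repeat(username, password):
    """True if the password is just the user name repeated one or more times."""
    u, p = username.lower(), password.lower()
    return bool(u) and len(p) % len(u) == 0 and u * (len(p) // len(u)) == p

def audit_password(username, password):
    """Return the list of policy findings for one credential (empty list = passes)."""
    findings = []
    if password.lower() in COMMON:
        findings.append("common password")
    if is_username_repeat(username, password):
        findings.append("repeats user name")
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    classes = {
        "lower case": any(c.islower() for c in password),
        "upper case": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    findings += [f"no {name}" for name, present in classes.items() if not present]
    return findings

def find_reuse(entries):
    """Group accounts that share one password (the 'daisy-chain' risk)."""
    by_password = defaultdict(list)
    for account, _user, password in entries:
        by_password[password].append(account)
    return sorted(sorted(accts) for accts in by_password.values() if len(accts) > 1)

# Constructed sample entries: (account, user name, password)
SAMPLE = [
    ("mail", "jsmith", "password"),
    ("twitter", "jsmith", "jsmithjsmith"),
    ("cloud", "jsmith", "T4ble!Lamp#River9"),
    ("bank", "jsmith", "T4ble!Lamp#River9"),
]

if __name__ == "__main__":
    for account, user, pw in SAMPLE:
        print(account, audit_password(user, pw) or "ok")
    print("reused across:", find_reuse(SAMPLE))
```

The last two sample entries pass every per-password check yet are still flagged by the reuse check, which is the daisy-chain case described in the first bullet.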

 

It’s a great idea to practise self-auditing of your security.  Why not ask one of your IT team to attempt to access various accounts across your business with extremely limited information?  This should give you an idea of how secure your network is.

There are plenty of ways to be proactive about protecting data, from basic staff training through to the use of technology and your expertise.  If you need help in implementing any of these methods, perhaps we could help you to hire an IT contractor who could devise a security policy as part of a project or cover existing work whilst an expert from your own team heads the project up.

Have you got any further ideas on this topic?  Have you been hacked or stopped a potential hack?  We’d love to hear from you.  Why not give us a Tweet @itrecruitment

Finally, let us remember the important work of Barnaby Jack, which has prevented many security breaches and has potentially saved lives.  In the words of security expert Dan Kaminsky, ‘Nobody caused such hilarious trouble like @barnaby_jack.’
