Not a week, or even a day, goes by without news breaking of a website, business or government being hacked. Ransomware now dominates the headlines, but it is only one of many attack methods that criminals around the world use to profit.
No longer a hobby for the stereotypical basement-dwelling geek, hacking is now a multinational business enterprise, generating billions, often without criminal prosecution. With nation-states (United States included) getting into the game, it seems everyone has a thirst for your data, and protecting yourself and your website has become an essential human need.
In the industry, it’s called OPSEC, or operational security. Here are some steps to improve your OPSEC:
Passwords. It seems ridiculous that we’re still talking about passwords in 2016 (cue the Allen Iverson practice video), but we see it every day. Easy-to-guess passwords are exploited quickly, giving hackers direct access. Beyond choosing a secure password, changing it regularly is also recommended.
Email best practices. Years ago we were all told not to open attachments sent to us via email. These days the advice is to “not click any links” sent to us via email. Phishing remains the most effective hacking spearhead. If you get an email from your bank, or any online provider, open your browser separately and navigate to the website via Google or directly via the address bar.
Two-factor authentication. Whenever possible, activate two-factor authentication. This requires that you respond to an additional prompt beyond your password (usually a text or phone message) when logging into important services.
Don’t use public Wi-Fi. While it’s common for all of us to stretch our expensive data plans by using free Wi-Fi, connecting to an unknown Wi-Fi network while out in public is dangerous, as the network could be operated or compromised by hackers.
Secure your devices and your network. At home and in your office, your Wi-Fi should be secured with a password, and your devices should be regularly scanned. Be wary of letting your kids use devices that are connected to critical services. If the device is compromised, everything that device has access to could also be compromised.
Oftentimes the best defense is simply to be aware of suspicious activity. Relying on your bank, credit card company or the merchant to protect your privacy and data is no longer sufficient. Invest in a service that you can use to monitor your financial transactions and credit, to help you spot a problem before it does extensive damage.
Oftentimes, securing your world after a hack is the easy part. Cleaning up the mess to your reputation or financial record is a longer-lasting and more costly endeavor.
Next month we’ll focus specifically on websites and website owners, with tactics and services that offer to protect your business website from intrusion.