Most of us working and running Small to Medium Sized Enterprises (SMEs) rely heavily on the Internet, utilizing various cloud-based services and apps from email to banking and business management.
If we’re talking about your home, it’s like your front door has no lock and no security. There’s a new group that’s navigating the world and opening every door that has no lock (or a weak one) and entering just because they can. Then they broadcast to the world the addresses of the homes which have no locks. Where do you think the thieves are looking today?
Lulzsec is a group of hackers who are making a game of exposing confidential usernames and passwords for your email, banking and other confidential sites. While we definitely do not condone their practices, it is clearly time to start with:
- locking your front (and back) door, and
- adding a security system
To “lock your front door”, it’s not a good idea to simply change your password from one easy variation to another easy variation. Choose a password with upper case, lower case, a number and a symbol, choose your “haystack”, and then test it here for free to see how secure it is: https://www.grc.com/haystack.htm. Don’t use this as a password, but the following password turns out to be as secure as completely random gibberish and yet it’s easy to type and remember:
The reason this step is critical is that most of the 26,000 or so accounts and passwords made public today were not difficult passwords. Computing power today allows for what are called brute-force attacks, where many passwords are tried successively until one works. Making your password sufficiently difficult to guess is part of the answer to better security.
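The arithmetic behind the “haystack” test and the brute-force point above, as an added example that is not from the original post or from grc.com: it counts how many candidates an exhaustive search must try for a given password. The sample passwords and the guess rate are constructed assumptions.

```python
import string

# Printable-ASCII character classes an exhaustive search has to cover.
CLASSES = (
    set(string.ascii_lowercase),      # 26 lower-case letters
    set(string.ascii_uppercase),      # 26 upper-case letters
    set(string.digits),               # 10 digits
    set(string.punctuation + " "),    # 33 symbols, counting the space
)

def alphabet_size(password):
    """Size of the smallest alphabet containing every character class used.
    Non-ASCII characters are ignored, so the result is a lower bound."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))

def search_space(password):
    """Candidates of every length from 1 up to len(password)."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))

def worst_case_seconds(password, guesses_per_second):
    """Time to try the whole search space at the given rate."""
    return search_space(password) / guesses_per_second

def humanize(seconds):
    units = (("years", 31_557_600), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60))
    for name, span in units:
        if seconds >= span:
            return f"{seconds / span:,.1f} {name}"
    return f"{seconds:.2f} seconds"

if __name__ == "__main__":
    RATE = 1e9  # assumed guesses per second, for illustration only
    # Constructed samples. This only bounds exhaustive search: a password
    # that appears in a wordlist falls long before the space is exhausted.
    for pw in ("sunshine", "Sunshine1", "Sunshine1!", "Sun.shine.2011!!"):
        print(f"{pw!r:20} alphabet={alphabet_size(pw):3} "
              f"space={search_space(pw):.2e} "
              f"worst case={humanize(worst_case_seconds(pw, RATE))}")
```

Adding a character class widens the alphabet, but each extra character multiplies the search space by the whole alphabet size, which is why length matters most.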
The “security system” is what is often referred to as multi-factor authentication. Now that you have a secure password, it’s like having a decent lock on your front door. Time to add an additional layer to really make sure that only the rightful owner has access to the premises. Nerds On Site offers this solution with a Yubikey, a physical device you carry with you (usually on your keychain) and use any time your computer accesses confidential cloud applications.
Without complete information, it may at first blush seem like being online or in the cloud is insecure. It is not the cloud that is insecure. It is the security protocol of organizations everywhere that is generally insecure.
Using the well-publicized Citigroup exposure as an example, it turns out that it wasn’t a difficult hack at all. Hackers simply took a look at the address bar and noticed that other account numbers could be substituted within the URL. So once they were logged into any legitimate account, they could simply go to http://somebank.com/account1234 where account1234 is someone else’s account. (This is a somewhat simplified description, but this article goes into more detail.) When it comes to your own bank’s security system (two-factor authentication), make sure you demand a two-factor authentication solution right away: not one that’s based on a series of questions and answers, but one based on something you physically need to have with you. Like a Yubikey!
As for the rest of your business’s front door locks and security system, we’re here to help the SMEs of the world.