Our frenetic lives can lull us into a false sense of security. We have become accustomed to technology making everything easier, literally at the tips of our fingers. We could be forgiven for assuming that someone else is taking care of the nuts and bolts, the underlying infrastructure and security upon which the very fabric of our lives is built.
Unfortunately, we cannot rely on everyone else – we have to do our part to protect ourselves, our personal information and our identities. To borrow a line from James Carville (former President Bill Clinton’s strategy advisor): “It’s Security Stupid”.
It’s Security Stupid!
As consumers, we are too easily drawn in by the bright lights of well-designed websites. We presume that the back-end security will be as well designed as the front-end creative. In most cases this tends to be inversely true. With scarce resources and time, companies tend to focus on one area first – either front end or back end, either UX or security. And while UX is an important element in customer satisfaction scores, security is a paramount requirement for having a business tomorrow.
I recently received a notification from Home Depot that my personal information, including my email address, had been exposed through a data security breach. Thankfully the exposure did not include payment details. However, as news of each new major customer data hack filters through, we are reminded that our data is a personal asset and we should protect it as much as possible.
Protecting it also means using service providers that have a security focus at the core of their business. By trusting a business with your data, you are trusting them with your online and financial well-being.
In today’s connected world we have to be ever more vigilant about our online security:
1. Maintain strong passwords
2. Update your antivirus often
3. Protect your data
4. Use service providers that focus on security
5. Don’t believe it won’t happen to you…
Phishing attacks remain at record highs
The Anti-Phishing Working Group (apwg.org) reported a total of 128,378 unique phishing attacks in Q2 2014 – that’s a 3-month period. The traditional source of attacks used to be eastern Europe and Russia, but this is no longer the case, with 85% of sub-domains registered for phishing coming from China.
Payments (and financial services generally) are still the most targeted industry sector. Any financial information is a gold mine for a phisher – they can use it to launch a sophisticated spear phishing attack or to assume your identity to order credit cards or take out a loan.
Two distinct strategies are now being seen.
The first is the tried and tested “spray and pray”, where millions of emails are sent out purporting to be from your bank and asking you to “log in” to change your security details. There was a noticeable trend where the emails became increasingly realistic. These fooled many people initially, but the more knowledgeable would smell a rat and drop out along the way. Now many of these attacks are incredibly plain – little effort or branding – as they are only trying to entice the incredibly naive so that there is a higher probability of actually getting all the information required.
The second strategy is based on data – yes, BIG DATA – mostly traded on criminal forums between hackers and phishers. There is a roaring trade in your information, like a Sunday market in customer data records. Hackers target retail brands and hope to get millions of records. They then sell these to phishers, who send out very sophisticated campaigns using some of your data as the hook. These are much harder for individuals to detect and result in much larger losses per person.
Apart from the rise in phishing attacks, what is also concerning is the number of computers that are infected with malware, adware/spyware and trojans/viruses. According to PandaLabs, 32.7% of computers are infected around the world. Again China leads the way, with 52.4% of computers infected.
What measures are you taking to protect your online and financial well-being?