Illicit deals have moved on a long way from the days of ‘Lips Larry’ and ‘Tommy Two-Feet’ meeting in an abandoned warehouse, exchanging briefcases silently while all the time guarded by trench-coated thugs with suspicious bulges. To be honest I don’t know if that ever happened (all scenarios are the work of the author, any similarity to any person living or dead etc.) but the point is still valid. Very little shady business is left to the insecurity of face-to-face meetings or easily trackable phones. A much more likely location is the relatively untraceable wilderness of the ‘darkweb’, where password-protected and encrypted sites offer the free trade of everything from drugs to data. This might not sound like it affects you (I’m assuming you don’t deal drugs), but you do deal in data and that makes you a target for any hacker looking to make a quick buck.
The internet is a wonderful thing for making connections. 30 years ago the thought of being able to take a photo and instantly make it available to anyone globally from a phone would have probably started another wave of witch hunts. The price of everything being connected now is just that: EVERYTHING is connected. With enough information you could log into a person’s internet banking, take out a loan in their name, transfer the money through a dozen different accounts and withdraw it from a cash machine in Kuala Lumpur to go buy some breakfast. Data is the modern gold, the new oil. Personal information is a resource and a currency that the economy is in reality based on. Popular culture has recently explored, in a few examples, the idea that if all the data about debt and credit were destroyed then we would effectively hit an economic reset button. Without proof that Person A owes Company X, Company X can no longer repossess Person A’s home if they fail to pay. Taking this picture to an extreme brings up a lot of ideas that aren’t relevant right now. The point is: data has an intrinsic value, and if you aren’t protecting your data then you are leaving yourself open to a huge loss.
The oldest and biggest vulnerability for any company has always been its people. We are creatures of habit and routine. We get to our desk, type in our password to log in and get on with work. It becomes muscle memory after a while. The issue is that the longer a password is in use, the higher the chance it’ll get cracked. Imagine that out in the world there are banks of computers dedicated to hacking networks and rustling your carefully farmed data. The most basic attack will try to brute-force its way in by guessing a password repeatedly until it hits the right combination of characters. The longer you give that machine to guess the password, the easier it becomes; change the password and all the combinations it’s tried become meaningless. It is vitally important to change passwords and it should be forced on every member of staff without exception. It’s a simple process for the I.T. guys to set up, so let them do it and sleep a little easier at night.
Another commonly overlooked hole is old or unpatched software. Many businesses rely on software that’s no longer supported but fills a vital need that, as far as they know, can’t be replicated elsewhere. Without support, though, that software can become a ticking time bomb. The majority of updates (yes, those ones we all click ‘not right now’ on) are actually fixing security problems. As new types of hacks and attacks come to light, software publishers have a responsibility to produce an update for their programs to plug that gap. If you don’t allow that update then you’re leaving that hole open. It’s a fairly simple equation to grasp but so many of us, your humble author included, don’t do it. Now, if the software itself is no longer supported then it won’t have received any updates since that point, potentially making it a leaking sieve of security holes. A prime example would be Windows XP. Support for XP only exists now for cash machines and other important systems like hospitals. If you’re not a cash machine or a hospital then stop using XP and update your software. You’re not just leaving the gate open, you’re leaving the lights on, the keys in the door and the safe code on a sticky note.