Concerns about privacy online have exploded in the last couple of years. When services began moving online, anxieties emerged around personal identity theft, which saw people forced to use more complex passwords on websites where they would be inputting personal information. Then security questions appeared to add an extra layer of protection, and now passwords on certain websites, such as Hotmail, have to be changed after a certain amount of time.
But a trend is emerging for hacks that are more advanced, that don’t just affect one individual at a time, and can’t be prevented by simple security questions. Big data is one of the biggest marketing buzzwords of our time, and hackers are now utilising this and moving on to conduct mass data breaches, so that they can get more information quickly. These kinds of hacks are becoming common, and businesses are struggling to work out how to defend against them.
In the last decade, brands such as LinkedIn and eBay have fallen victim to this kind of hacking. The latest of these high-profile hacks is Sage, one of the UK’s biggest software companies, which has recently experienced a major data breach – one which appears to be from an internal source, further fuelling concerns that no business is safe.
If these huge companies with their big budgets can’t protect themselves, do the likes of SMEs even stand a chance? And as the world progresses online, what can businesses do to prevent being hacked?
There are a number of steps that any business (or individual) can take to add extra protection against hackers.
Lying might be the best policy for your security questions
Security questions were brought in as soon as hacking became more common. But a lot of the questions are worryingly easy to guess, particularly with the rise of social media meaning that people now willingly share more personal information with the world than ever. Do you think it’s really that hard to find your mother’s maiden name? Or the name of your pet?
That’s not to say that security questions aren’t important, but in this case lying is actually the best policy. Make up the answer to the question, so it’s something that no-one could ever guess.
Think twice about linking up social accounts
Phishing – where fraudsters send an email directly to you posing as an important company, asking you to update important information such as a password, or credit card details – is one of the original hacking methods and remains one of the most common. This is also a technique used to hack social media accounts. If you’re a business with a big social following, you could be a target.
Linking your Facebook, Twitter, and Instagram accounts is tempting as it makes posting content much faster – if your business posts multiple times a day this can be a godsend. But this makes it easier for a hacker to take control of all of your accounts. If they’re linked, it won’t be long until they’re controlling your entire brand messaging on social. Keep them separate, make sure you use different passwords on every platform, and also make sure you only give the passwords to a small number of staff – which brings me on to my next point.
Remember that not all hacks are from an outsider
The latest Sage hack by one of its own employees has highlighted the need to consider that you could be attacked from inside your company. You’re not just at threat from malicious outsider hackers, and for the most part it’s a lot easier for an internal source to get hold of your data. It can be hard to digest that a member of your own staff could be involved, but particularly if you’re a growing company recruiting often, you can’t always be 100% confident that someone doesn’t have an ulterior motive.
Make sure that key passwords are handed out to as few people as possible, and, as a deterrent, make clear to employees the repercussions if any member of staff attempts to access data without permission.
Ultimately, it’s impossible to be completely out of harm’s way when it comes to being hacked. Hackers will continue to evolve with the advancements of the internet. But you can’t drop your defences completely. By taking some precautions you can put barriers up and deter hackers from targeting you.
By Daniel Foster, technical director at 34SP.com.