21st November 2016
Flaws of Technology Evolution - Web security basics
In the modern world, things such as payments, applications and registrations are all done online. You go to the doctor, and you check in through a device on the wall. You go to the shops, and with contactless technology you simply tap your payment card on the card reader and the wireless technology instantly pays the bill without a PIN or a second thought.
These examples illustrate the way technology is evolving. Some people don’t like this aspect of increased automation but for most, it’s quicker, easier, and less to think about! So, are there any problems with this evolving technology?
There are definitely security issues. How do you know who has access to your information, and does it matter? Now this isn’t some conspiracy blog saying “Watch out! You can be spied on through your phone’s microphone or camera”. No ... this is a blog about how easy it could be for someone, with no right, to get into your private information and access details such as your bank card information or private emails.
Using passwords such as your pet’s name with your mother’s date of birth doesn’t protect you as much as you may think! Maybe we need a bit more technical security.
A basic starting point is not to download any viruses – easier said than done! You can fall victim on a “dodgy” website, or by opening the wrong email, so try to be a bit Web Wise, which means being less trusting and assuming the worst rather than the best. Think carefully about what webpages and emails you open and specifically about what you download and accept. For example, if you think you have clicked to watch a video and instead you see a download of an EXE (application) file, warning sirens should be screaming in your head! Don’t assume that you must run the application to watch the video – it’s more likely that it will install a virus instead.
A good start to protecting your details is knowing the techniques that people use to get hold of them. One of these techniques is simply figuring out your password. This is easily done by any basic hacker: all they need to do is find out some personal information about you from your social media accounts or from knowing you personally. So the best way to protect your password is to have a different one for every account you use, using a mix of random letters and numbers, with different capitalisations. If your password uses three words together, such as chairtabledoor1234, this is still relatively easy to hack with a simple program that uses brute force techniques (i.e. trying millions of possible passwords automatically). A password such as Ch41rTa8L3DoOr4231 would be a much better password because it’s next to impossible to guess and would take a program weeks if not months to hack after constant efforts.
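As an added illustration (not part of the original post), the Python sketch below estimates how many candidates a guessing program has to cover for the two example passwords above. The sample word list, its assumed size of 2,000 words and the 33-symbol count are assumptions made for the example, and only two guessing strategies are modelled: list words followed by digits, and exhaustive character search.

```python
import math

# Constructed sample list; ASSUMED_LIST_SIZE stands in for a full common-word list.
WORDS = ["chair", "table", "door", "window", "house", "garden"]
ASSUMED_LIST_SIZE = 2_000  # assumption, not a figure from the post


def split_words(text, words=WORDS):
    """Return the list words that concatenate to `text`, or None if none do."""
    if text == "":
        return []
    for word in words:
        if text.startswith(word):
            rest = split_words(text[len(word):], words)
            if rest is not None:
                return [word] + rest
    return None


def guess_space(password):
    """Return (candidate count, strategy) for the first modelled strategy that fits."""
    body = password.rstrip("0123456789")
    digits = len(password) - len(body)
    parts = split_words(body) if body.islower() else None
    if parts:
        # Lowercase list words followed by digits: words^n * 10^digits.
        return ASSUMED_LIST_SIZE ** len(parts) * 10 ** digits, "words+digits"
    # Otherwise every character must be searched over the classes in use.
    alphabet = 0
    alphabet += 26 if any(c.islower() for c in password) else 0
    alphabet += 26 if any(c.isupper() for c in password) else 0
    alphabet += 10 if any(c.isdigit() for c in password) else 0
    alphabet += 33 if any(not c.isalnum() for c in password) else 0  # ASCII symbols
    return alphabet ** len(password), "character search"


def bits(password):
    """Size of the guess space in bits (log2 of the candidate count)."""
    return math.log2(guess_space(password)[0])


if __name__ == "__main__":
    for pw in ("chairtabledoor1234", "Ch41rTa8L3DoOr4231"):
        count, strategy = guess_space(pw)
        print(f"{pw}: {strategy}, about {bits(pw):.0f} bits ({count:.2e} candidates)")
```

A check like this can run at sign-up to warn users whose chosen password fits the words-plus-digits pattern.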
Even if you are relatively sloppy at home, in the workplace you need to be extra cautious! There are a few more simple rules to follow. When leaving your computer, whether to take a toilet break or even to get a cup of tea, make sure you lock your computer. Not only does this prevent colleagues taking advantage of your trusting nature and posting a humorous status onto your Facebook wall, but it also stops visitors and more junior colleagues using your PC, which could compromise your company’s security.
Always keep company passwords and information as low key as possible, only talking to people about them on a need to know basis. Take special care not to leave sticky notes with passwords on them lying about, especially in view of windows!
Always keep a backup on a separate server of your most important documents and work. This should be obvious but you would be surprised how many people don’t back up their precious work. Two backups are usually good, with one of these in a completely different location from the other, in case of a fire or robbery. A simple tip if your company uses cloud-based email such as Gmail is to email yourself a copy of anything important, so it is stored in your Gmail account should anything happen.
At the more determined end of hacking and security infringement, keep an eye out for unknown technology devices around the workplace. Some methods of hacking are so advanced that they use devices to allow them access to your computer or network. Also, keep an eye on your location: who can see your screen and is anyone trying to connect to your device inside the same room, from another room or even outside the building? These are all plausible methods to make a successful hack. Remember how one device could allow someone access to many others.
Anyone can be hacked, individually or on a corporate or government scale. All it takes is one person who wants to carry out that hack. The best way to defend yourself is to be cautious and put measures in place to ensure that the effort and resources required to hack you are not worth the rewards that would be gained.
As founder members of the Northamptonshire Business Resilience Forum and coming from a defence and banking background, SilverDisc places security (and, incidentally, speed) at the heart of its web development culture. I’m a junior here, but some of our more senior staff have over 25 years’ experience in this area. Please contact us if you would like some help in building safer, more secure web applications.