In our previous blog post, we gave you a list of steps to take if you have been a victim of a data or security breach. In this article, we will continue this discussion and delve deeper into what to do if you’ve been hacked.
File a Police Report
To protect yourself against excessive financial liability, you need to file a report with your local police department as soon as possible. Your status as an identity theft victim is thus made official, and this creates an official document for you to show the credit bureaus to lock down any activity around your identity.
Reclaim your account
The majority of mainstream, online services (such as Facebook, Twitter, YouTube, Google, Apple, etc.) have tools in place that will help you get your account back after it has been compromised. Generally speaking, you will need to answer predetermined security questions in order to verify your identity before proceeding.
Check for backdoors
More sophisticated hackers will not just access your account; they will also set up tools to ensure they can get back in once you have gotten them out. Thus, when you have your accounts back, you should immediately ensure there isn’t a backdoor in another place designed to let an attacker straight back in. Check your email rules and filters to ensure that nothing is getting forwarded to another account without your knowledge. Also, check whether the security questions or their answers were changed.
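The mail-rule check described above can be scripted once the rules are exported. This is an added example, not part of the original article; the rule format, the `OWN_DOMAINS` setting and every address in it are constructed assumptions, since each mail provider exports rules in its own format.

```python
# Added example: the rule format and every address below are constructed for
# illustration; real providers export mail rules in their own formats.
OWN_DOMAINS = {"example.com"}  # assumption: domains the account owner controls

RULES = [
    {"name": "Newsletters", "match": {"from": "news@shop.example"},
     "actions": {"label": "Reading"}},
    {"name": "", "match": {"subject": "password reset"},
     "actions": {"forward_to": "drop@mailbox.invalid", "delete": True}},
    {"name": "Work copy", "match": {}, "actions": {"forward_to": "me@example.com"}},
    {"name": "sync", "match": {}, "actions": {"redirect_to": "Copy@Mailbox.Invalid"}},
]


def external_targets(rule):
    """Addresses a rule sends mail to that are outside the owner's domains."""
    actions = rule.get("actions", {})
    targets = [actions.get(key) for key in ("forward_to", "redirect_to")]
    return [t for t in targets
            if t and t.rsplit("@", 1)[-1].strip().lower() not in OWN_DOMAINS]


def audit_rule(rule):
    """Return findings for one rule; an empty list means nothing suspicious."""
    targets = external_targets(rule)
    if not targets:
        return []
    findings = ["forwards to external address: " + ", ".join(targets)]
    actions = rule["actions"]
    if actions.get("delete") or actions.get("mark_read"):
        findings.append("hides the original message from the inbox")
    if not rule.get("match"):
        findings.append("applies to every incoming message")
    return findings


def audit(rules):
    """Map rule index -> findings for every rule that needs a manual review."""
    return {i: f for i, rule in enumerate(rules) if (f := audit_rule(rule))}


if __name__ == "__main__":
    for index, findings in audit(RULES).items():
        print(index, RULES[index]["name"] or "(unnamed)", findings)
```

Any rule it reports should be opened in the mail client and removed unless you recognise it as your own.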
Restore from back-up
It is now time to restore your data from back-ups, and bring the system back to normal.
Ask Yourself “Why”?
Finally, while fixing things, take some time to reflect and ask yourself this question: what was the aim of the breach? If it was your bank account, the answer may be obvious. In other cases, such as email, there could be several reasons, from getting password resets on other services, to using it to send spam, to requesting money from your contacts. An attacker may even be trying to gain access to your business. Knowing why you were targeted can help you understand how you were breached.
…But Stay Calm!
Although getting hacked may seem like a nightmare, it is not the end of the world. By following the tips above, you can get up and rolling as quickly as possible.
Every week brings about new reports of yet more hacking incidents. Back in August, The New York Times reported that a Russian crime ring had stolen 1.2 billion username and password combinations in a series of Internet heists affecting 420,000 websites. The reported theft was based on the findings of Hold Security, a Milwaukee firm with a reputation for exposing online security breaches.
In addition to stealing 1.2 billion online passwords, the hackers had also collected 500 million email addresses which, according to Hold Security, have the potential to help engineer other crimes.
Creating More Secure Passwords
The above-mentioned cyber attack shows clearly that passwords and usernames can never be 100% safe. Therefore, you should always choose different secure passwords for your personal (online) accounts. If you suspect that your passwords have been compromised, change them immediately. When setting a new password, ensure that your passwords are strong. The following tips are useful for ensuring the strength of passwords:
1. Use combinations
Use combinations of numbers, letters, upper and lower case, and symbols, such as the hash symbol (#). Some services will not allow you to do all of this, but try to use as many of these character types as you can.
2. Choose long passwords
Although the recommended minimum length is 8 characters, choosing a 15-character password is stronger. However, some services limit the number of characters you may use.
3. Avoid dictionary words
Avoid words that can be found in the dictionary, even if you add symbols and numbers. Some programs are able to crack passwords by going through databases of known words. One trick is to think of a sentence and turn it into an acronym. For instance, “Keeping your identity safe with more secure passwords” becomes “kyiswmsp”.
4. Use different passwords for different accounts
Since individuals can have hundreds of online accounts, it has become increasingly common to share one or two passwords across accounts or use very simple ones, such as children’s names, favorite sports teams or dates of birth. However, it is best to use different passwords for different accounts, especially if a password unlocks features that involve credit card information or other sensitive data.
5. Make use of multiple passwords
Some services, such as Gmail, give you the option of using two passwords in special circumstances – such as using a particular computer or device for the first time. If you have that feature enabled and try to access Gmail from an unrecognized device, the service will send a text message to your phone with a six-digit passcode for verification. For access, the passcode needs to be entered, after which the code will expire. This means that hackers will not be able to access the account without physical possession of your phone. Even though it is optional, and may be considered to be a nuisance, it could potentially save you from damage later on.
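Tips 1 to 3 above can be turned into an automated check. This is an added example, not part of the original article; the word list is a constructed sample, and the three-character-class threshold and the substitution table are assumptions of the example.

```python
import re

# Constructed mini word list; a real check would load a full dictionary file.
WORDS = {"password", "dragon", "monkey", "secure", "identity", "football"}
# Undo common look-alike substitutions (0->o, 1->l, 3->e, ...) before the lookup.
UNLEET = str.maketrans("0134578@$!", "oleastbasi")
CLASSES = {"lower": r"[a-z]", "upper": r"[A-Z]",
           "digit": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}


def dictionary_hits(password):
    """Tip 3: words still recognisable after symbols and numbers are undone."""
    core = re.sub(r"[^a-z]", "", password.lower().translate(UNLEET))
    return sorted(word for word in WORDS if word in core)


def check_password(password, minimum=8, preferred=15, min_classes=3):
    """Return (failures, advice). The 8 and 15 character lengths come from
    tip 2; min_classes is an assumption of this example."""
    failures, advice = [], []
    missing = [name for name, pattern in CLASSES.items()
               if not re.search(pattern, password)]
    if len(CLASSES) - len(missing) < min_classes:   # tip 1
        failures.append("few_classes")
    if len(password) < minimum:                     # tip 2
        failures.append("too_short")
    elif len(password) < preferred:
        advice.append("under_15")
    if dictionary_hits(password):                   # tip 3
        failures.append("dictionary_word")
    return failures, advice


if __name__ == "__main__":
    for candidate in ("P@ssw0rd!", "kyiswmsp", "Kyi$wm5p+TqRz-9vH"):
        print(candidate, check_password(candidate))
```

The acronym "kyiswmsp" passes the dictionary check but still fails tip 1, so mix in upper case, numbers and symbols after building the acronym.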
Passwords are the first line of defense in protecting your identity against unauthorized access to your computer. If you think that you must write down your password in order to remember it, ensure that you store it in a safe place, and do not label it as your password.
Hopefully, those 5 tips will help you to protect your passwords from possible future cyber attacks. If you have other tips for creating secure passwords, please go ahead and share them with us in the comments.
Business depends on data and technology, both of which can be abused by cyber criminals. A study conducted by the Center for Strategic and International Studies (CSIS) reported that cybercrime costs the global economy a staggering $445 billion a year. Cybercriminals are gaining momentum by sharing information and launching more sophisticated attacks. Fighting cybercrime requires a holistic approach to safeguarding information.
To avoid becoming a victim of cybercrime and prevent unauthorized access to your data, here are some steps you can take:
Hackers are not the only ones who can gain power from information – by educating yourself on the existing types of scams and how to prevent them, you can stay one step ahead of cybercriminals. After all, cyber security begins with personal responsibility.
Automate software updates
Previously, we mentioned the fact that software updates are important as, apart from product enhancements, updates contain bug fixes and solutions to security vulnerabilities. The good news is that many software programs will automatically connect and update to defend against known risks; therefore it is best to configure automatic updates.
Click with caution
Whether chatting over an instant messenger or checking e-mail, you should be careful not to click on any links in messages from people whom you do not know. The link could download malware onto your computer, or it could redirect you to a fake website that asks for private information, such as user names and passwords. These data could be used to carry out identity theft or other crimes. The same concept applies even if the message is from someone you do know – you should always be vigilant. Certain types of viruses multiply and spread through e-mail, therefore looking for information that indicates the legitimacy of a message is advisable. Also, exercise caution when downloading any programs.
Apart from practicing safe surfing, you also need to be cautious when shopping online. Before entering your payment information on a site that you have never visited before, do a little investigating to determine if the seller is legitimate.
When it comes to payment, a credit card - rather than a debit card - should be used. If the site turns out to be fraudulent, your credit card issuer may reimburse you for the charges, but with a debit card, the money is lost.
Use Common sense…
Even though our awareness about cybercrime has increased, mainly due to the ongoing revelations by the ex-National Security Agency contractor Edward Snowden, cybercrime is still on the rise. Cybercrime’s trajectory is fuelled by common mistakes such as replying to spam or downloading attachments. Therefore, common sense should be used whenever you are on the Internet. You should never post revealing personal information online, or share sensitive information, such as your social security number and credit card number.
…But be suspicious
Even cyber-savvy people still need to keep a guard up for any new tricks and act proactively to protect their safety. Although protecting oneself does take some effort, there are numerous resources and tools that can help. By adopting best practices and a few precautions, you can keep cybercrime at bay.
If you are looking for security solutions for your company, you can find valuable information on our website www.hobsoft.com. You will find several software security solutions “Made in Germany” that will help you protect your corporate network and files.
The year 2013 is synonymous with cyber attacks and numerous data breaches. Individuals and organizations worldwide are now more aware of widespread surveillance and cyber threats. But what are the costs associated with business security breaches?
1. Direct Financial Loss
Attackers may specifically target customers’ credit card numbers, employees’ checking account numbers, and the company’s merchant account passwords. Especially in the financial services industry, indirect legal fees or fines resulting from the security incident can significantly increase the costs, independent of whether the criminal is brought to justice.
2. Violation of Privacy
Employees are trusted to keep personal information private. Likewise, customers trust the organization to keep their credit card numbers and credit histories confidential. If this privacy is violated, legal consequences arise.
3. Lower Competitive Advantage and Lost Sales
Theft, modification or destruction of proprietary sales proposals, business plans, product designs or other highly sensitive information can give competitors a marked advantage. Sales are also lost as a consequence of the cyber attack, and the repercussions continue long after the incident takes place.
4. Damage of Corporate Reputation and Brand
Building and maintaining a corporate image and establishing trusted relationships with customers and business partners is critical to an organization. However, the corporate credibility and business relationships can be considerably damaged if proprietary or private information is compromised.
5. Loss of Business Continuity
In the case of a service disruption caused by a data breach, the IT team must quickly address the problem, so as to minimize downtime of the system, and restore data from backup files. Nonetheless, when mission-critical systems are involved, any downtime can have catastrophic consequences. In other cases, lost data may have to be meticulously reconstructed manually, which reduces the time that systems are functioning to below acceptable levels.
Business Network Protection
As discussed above, the consequences associated with security breaches are vast and long-lasting. Several organizations now use remote access solutions to maintain a high level of security for sensitive corporate information. In particular, many companies opt for SSL VPNs due to their flexibility – SSL VPNs are not restricted to employee remote access, but incorporate partners, contractors, and possibly also customers. The increasing number of hacking attacks and the growing sophistication of security threats demand the use of advanced network security via a high-quality VPN as a component of a comprehensive business security policy.
If you are interested in how to secure your network from cyber attacks, we invite you to visit our website www.hobsoft.com. On our website you will be able to find data sheets of our VPN solutions as well as interesting e-books and whitepapers.
Author: Hazel Farrugia
Another chapter in the cautionary tale of cyber security vulnerabilities opens this week with the hacking of two major US newspapers – the New York Times and Wall Street Journal. The lead article in the Wednesday, January 30 issue of the New York Times covers the attempts and methods used by the Chinese military to hack into their network. Reportedly, the Chinese military’s primary motive was to uncover the sources of an October article reporting on the wealth accumulated by relatives of China’s premier, Wen Jiabao.
Meanwhile, the Wall Street Journal also experienced hacks with connections to the Chinese government. The Journal reports that the intention was also to monitor coverage of China in the newspaper and to trace the sources of that information.
Products that feature secure remote access, strong encryption and reliable authentication methods may seem like an adequate solution for a company with vulnerable networks. However, the New York Times states that its own anti-virus capabilities did not stop the attacks. Furthermore, these acts of espionage exemplify the vulnerability of networks and the necessity of comprehensive security measures to prevent attacks.
In a ZDNet article covering hacker expertise, Hewlett Packard’s SVP of enterprise security products, Art Gilliland, explains the power of knowing a hacker’s next step and disrupting it rather than solely using security software to identify attacks. “This is a game of risk management,” Gilliland stated. “Companies need to be able to see and understand their exposure potential and prioritize what they respond to.” The New York Times’ security team followed a similar strategy by surreptitiously monitoring the moves of the hackers in order to determine more adequate defenses against them. Before the hackers could do any serious damage, the Times’ security experts blocked the hackers from breaking back in.
Because hacks are inevitable, expansion of security policies and experienced security teams are necessary to prevent future opportunities for hackers. However, many companies do not have the budget or experience to create a team with a sophisticated attack strategy. This is when organizations that monitor cyber attacks may need to be brought in.
Has your business been a victim of cyber attacks? If so, did you have security technologies in place that allowed you to identify and thwart the attacks? How well did they work? Contemplate these questions now to prepare you for the very real risk of an attack in the future.