The Lulz are on us

What can we learn from the recent wave of security hacks?

avoiding making clowns of ourselves in online web security

Last weekend’s announcement that the LulzSec group of jolly hackers was breaking up was met with bemusement at what has been one of the most mysterious, albeit entertaining, chapters in the information wars of 2011.

It’s quite clear that 2011 is the Year of the Hack with organisations ranging from electronics company Sony who now appear to be the joke of the online security world through to major banks, the FBI and even Google’s Gmail service being the subject of serious online attacks.

That many of these attacks were successful is a reminder to all of us how important online security is and it is our responsibility to protect our customers’ and staff details by taking basic precautions.

Take security seriously

Many of the business hacks appear to have been because of slack security practices including out of date software and default passwords being used.

Even if you don’t have a server yourself, make sure your computers have all current updates installed and that strong passwords are in place.

Password Security

A basic precaution is to have robust passwords. A combination of letters and numbers is the best.

One nice little tactic is to use a phrase as a password and separate the letters with a character, for instance using “mary$has$a$little$lamb”, although you might want to choose a more intimate phrase.

Keep in mind too that strong passwords aren’t much help if an incompetent corporation leaks them onto the web, along with your banking details. So use a layered approach where critical passwords for bank accounts are different to those that you might use for an online game or social media site.

Restrict access

The real risk to our security lies with our own staff, many “hacks” are actually employees erasing or give away data, which could be deliberate or accidental.

Don’t give passwords or access to people who don’t need them, keep the business accounts away from your sales staff and lock employment records away from the IT folk. Private client information shouldn’t be shared around the office and particularly not with outside parties.

Backup, backup, backup

The DistributeIT debacle, which one is hesitant to describe as a “hack” as their complete loss of hardware, client data and backups sounds more like an internal problem than an outside attack, shows how important it is to keep your own backups.

As we move our businesses to online and cloud based services, we have to put a lot of trust into those who provide those products. It’s good insurance to have easily available copies of mission critical data in case a problem.

Invest in technology

We’ve all heard CEOs and ministers claim they will save millions in outsourcing their IT departments. Those savings come from somewhere and information security is one of those corners that’s cut when reducing operating costs.

Experienced tech workers have plenty of examples where management cries of “we’ve been hacked” have actually been hardware failures or staff mistakes bought on by poorly trained staff working with inadequate equipment.

Sony appear to have fallen for this, having reportedly sacked many of their security specialists before the hacks began.

Make sure you are making sensible investments in your technology and not going for the cheapest, or free, option simply to save a few pennies.

Obey standards

Nothing is more embarrassing than losing clients’ confidential data, particularly banking details.

If you are taking customer payments, make sure you are complying with the DSS-PCI standards for card payments by giving the work to a reputable payment gateway.

Have a contingency plan

“There but for the grace of God….” is a good phrase to keep in mind when you see another business affected by a hacker, hardware failure or any of the millions of other unfortunate things that could stop your business.

Even with the best planning in the world sometimes dumb luck just doesn’t go your way. You need to have a fall back plan to keep your business running if the unexpected happens.

Be honest

One thing that jumps out in a number of the stories is how some organisations are simply not honest with their customers.

The process starts with misrepresenting how they secure and protect customer data. When an outage hits, they hide behind a call centre and often lie, or at least understate, the effects of the problem.

In an age of social media, blogs and user forums trying to spin your way out of trouble is not the answer. If customers are going to trust you, they need to have confidence you won’t mislead them.

As consumers, the various data breaches we’ve seen so far this year should make us pause before we give valuable personal data to businesses. It’s quite clear that some don’t deserve our trust.

For businesses we need to show that we are worthy of our customers’ trust. The first step of that process is taking their privacy seriously.

LulzSec, anonymous and all the other various hackers, anarchists and general troublemakers on the web are reminding us that we need to take our online responsibilities as seriously as any other others.

Make sure you’re protecting your own business and your customers’ data.

Similar posts:

  • No Related Posts

Author: Paul Wallbank

Paul Wallbank is a speaker and writer charting how technology is changing society and business. Paul has four regular technology advice radio programs on ABC, a weekly column on the smartcompany.com.au website and has published seven books.

Leave a Reply