As we continue to be amazed at the scope of the News of the World hacking scandals, it’s worthwhile considering how valuable our personal and business information has become.
This is no news to companies like Google and Facebook, who have built businesses worth hundreds of billions of dollars on our willingness to give away personal information.
Even if it’s unlikely that we, or our customers, are going to be the target of the London tabloids or the paparazzi, our information is still worth protecting and here’s just a few ideas on making your business a bit more secure.
Phone message banks
At the core of the News Of The World out is the newspaper’s abuse of other peoples’ messagebank services where reporters, or private investigators hired by News International, have accessed messages left on mobile phone services.
Calling this behaviour “hacking” is giving it more credit than it deserves, accessing mobile phone message banks is usually easy because the victim doesn’t change the default PIN code the mobile carrier uses for mobile accounts.
So the first thing to do when setting up a mobile service is to ask your carrier how to change the PIN codes for your mobile account. While you’re talking to them ask if they offer an SMS service to notify you whenever your phone service is accessed remotely.
With any electronic device you buy it’s sensible to change any default passwords or PIN codes or passwords when you set them up as a matter of habit.
Passwords
One of the biggest weak links in our online business and private lives is the use of passwords.
We tend to be quite careless with how complex we make it and who we give it out to so it’s worthwhile being careful with the sites we use for our critical passwords.
As well as making them complex, say a long phrase with a character acting the space like Mary&had&a&little&lamb, you should change them on a regular basis as we’ve seen many passwords been leaked by businesses this year.
Secret questions
Another thing to consider are the secret answers to questions many providers ask you to set up.
Questions such as your mother’s maiden name could be easily figured out by a professional or determined investigator and social media sites like Facebook can make this even easier.
US Vice Presidential candidate Sarah Palin was caught out by exactly this in 2008 where hackers figured out her secret passwords from public records.
Using hotel and public networks
We should also keep in mind that phone hacking is only one part of corporate security, earlier this year there were allegations Federal government emails had been compromised by Chinese organizations.
This almost certainly happened through plain text passwords being sent through hotel or public networks. It’s wise to make sure that Secure Socket Layer (SSL) access is required on all your remote access.
Tighten your own organisation’s practices
We shouldn’t forget however much of the data in the News Of The World scandal has been accessed through paying off staff, allegedly including the royal palace bodyguards.
It’s difficult to see how you can protect yourself against corrupt workers however you can reduce the risk of your organisation giving out details by restricting confidential data to a “need to know” basis with access logging enabled.
“Blagging” – or to use the horrible American term “pretexting” – is pretending to be someone else to get important data. Again, slack procedures by various government agencies and private organizations have been responsible for much of the data being given away.
There’s no doubt too many organizations are cavalier with their customers’ information and hopefully the recent hacking events along with the News Of The World scandal will force businesses to start taking user privacy seriously.
For smaller businesses, we have to show respect to our customers and have the procedures and trained staff in place to make it difficult for the blaggers to compromise our systems.
Measures can include refusing to give out passwords and identifying data which the customer should know as well as insisting on sending details to a known SMS number or email address.
As reprehensible as the behaviour of the journalists, their editors and the News International management is, we should have no doubt that the tactics employed by their private investigators are widespread in everything ranging from domestic disputes to industrial espionage cases.
Given the value of our, and our customer’s, private and commercial data we need to take security seriously.
For years we’ve been warned that cyber warfare would break out one day, the various corporate data breaches and The News Of The World scandal show the battles have been closer than we thought.
Hey Paul,
I think this is a great topic that needs to be discussed more often now that facebook, google+, and other social media options are now asking for more and more personal information. I didn’t even think of just how many people do not change their default phone message passwords.
I know of some people that are using roboform so that they can create all kinds of different passwords and have them all “remembered” and saved by the program, but I also wonder how hackable that would be as well. Great ineresting topic that should be brought up more often. Thanks