Lawrence Jones, CEO of internet hosting firm UKFast fights the customers’ corner with a look at why some online businesses still aren’t investing properly in preventing security breaches.
Cyberattacks happen constantly but as an online business, it’s important that they don’t affect the performance of your website. According to Symantec’s latest Internet Security Threat Report, just eight of these attacks exposed more than 10 million identities in 2013. The previous year, only one was able to cause a breach of such magnitude.
Whilst small to mid-sized businesses are often susceptible to malicious activity, usually due to having fewer resources than larger enterprise, the number of high profile corporations falling foul of it is particularly worrying.
With the spate of high profile cyberattacks this year, you’d think that online businesses would be putting all of their resources into protecting customers online. However, there are still some huge brand names operating online without the basic security guards in place. For example, there are some that don’t want to spend money on a dedicated firewall; and firewalls, whilst not bulletproof, are still an essential part of your armour if you’re operating a business online.
Personally, I think that by knowingly putting customers at risk, these brands run the risk of abusing their responsibilities as online retailers. After all, when you put your faith in major brands to look after your data, it goes without saying that you expect them to cover the basic security precautions.
That being said, there’s also a lot we can do as consumers to protect ourselves. I’d say the big one here is passwords. It sounds obvious and much has been made of this issue lately but it’s an area in which we’re letting ourselves down.
SplashData’s annual ‘worst passwords’ list put 123456 as the number one blunder – and it really is a blunder, akin to leaving your car keys on the roof of your car in a busy area!
The reason most people give for shrugging their shoulders at passwords is that they’re hard to remember, but this isn’t an excuse for using passwords that can be easily cracked, such as “password”, especially when sensitive company data is at risk.
My advice would be to choose a short sentence to use as your password and then change the case of a couple of letters, mixing upper and lower case. This will make dictionary attacks more difficult for a hacker. Then add in some numbers, replacing an ‘o’ with a zero, for example. You can use this as your blueprint for different accounts, adding an identifying letter to the end to differentiate the password. So, for Facebook, you simply add an ‘F’ at the end.
Another approach would be to use association. This can help when it comes to creating a different password for each account. So, if the banner of a specific website reminds you of blue skies then you could use this as the basis for your password and build around it. It’s easy to use the name of a pet or child, but social engineering (essentially, getting people to divulge information) means that cybercriminals could crack these kinds of passwords in a heartbeat if they really wanted to.
Whilst it might sound complicated, the consequences of not taking proper precautions when it comes to passwords can be devastating for a company or individual. As cybercriminals become more sophisticated in their methods, we have to mirror them. There are some very clever people out there keeping us on our toes so it’s important that we step up our game and make it harder for them. As computer users, we can educate ourselves with a few clicks of the mouse, as there are plenty of sources of security information available. UKFast’s blog is just one of these and it’s not just for our clients, but for everyone.
It’s also very important to keep on top of your anti-virus software. There’s been talk of a move away from anti-virus towards software that focusses on finding bugs and dealing with them rather than solely on preventing them getting there in the first place, but this doesn’t make anti-virus any less relevant. When it comes to emails, there’s no harm in being suspicious and questioning links before clicking on them. We often fall foul of ignoring our gut instinct in these situations. Staying up to date and on your guard is the best way to protect yourself.
The online world evolves so fast, we can often find ourselves playing catch-up. For the brands playing with fire (but not with firewalls) there is much at stake. The reputational damage and heavy fines that can come from the ICO as a result of being hacked and leaking information are enough to bring a business to its knees. For these brands and their customers, investment in data security is paramount. Cutting corners is simply not an option.
Lawrence Jones
Lawrence Jones is CEO of colocation, cloud and dedicated hosting company UKFast, a £20m + turnover firm based in Manchester.