Access Management / Cyber Security News

How to Fight Back Against Hackers

In the beginning of September, a group of computer hackers calling themselves AntiSec announced that they had stolen a file containing unique identification data for 12,367,232 Apple iOS devices. They claimed the database was stolen from the compromised laptop of an FBI agent. Simultaneous to AntiSec’s release, the FBI denied the claim. To substantiate their claim, AntiSec released one million of the unique identifiers minus the personal data embedded in the stolen file.

My reaction to this obscure story is: what was highly confidential data doing on a laptop computer, and why weren’t there security measures in place within the laptop to prevent the theft? It seems that every day there is another incident reported in the media of data being stolen or computer networks compromised. The problem persists even though companies spend millions of dollars every year to curtail the theft and breach of their virtual systems.  

Part of the problem resides with the employees themselves and their personal security practices related to their computer devices. Previously I wrote about the blending of our social lives and work and personal lives. However, access control within our social and professional lives expands well beyond Facebook and Twitter. It extends to the virtual devices we use. Devices like smartphones, laptops, tablets and even desktop computers are the conduits that connect our personal and business lives. And by doing so, we expose these devices to potential attack from hackers. Most of us have a desktop computer, a smartphone and probably a laptop or tablet as well. On all of these devices we keep our personal and work information together in order to make our lives simpler. We transfer pictures, documents and postings between all of our devices regardless whether they are personal or professional. Today’s technology not only opens us up to public scrutiny, but it enables hackers and corporate spies to infiltrate our data and our lives and create havoc with our devices. Providing access control to personal devices is just as important as securing social networks, and utilizing just a password is not enough. Because technology makes our lives so very easy, we forget the potential liability we incur because of involvement in our social networks or just because of convenience.

So how, as social entities and corporate officers, can we help to secure the access of our social and corporate devices within the virtual world? Here are a few simple practices to help increase the security of your devices.

If data transfer to a laptop is necessary in order to conduct business, the computer should be locked down. There should be no apps, programs or anything that could potentially compromise the computer. However, if Internet Explorer, Adobe or Java is needed to conduct business, the device is susceptible to an attack. In this case, proprietary data should not be stored on the device. All proprietary data should be kept secure off-line. When using the data, it should be uploaded, worked on and then downloaded. And social networking should be done on your smartphone or tablet device.

Many programs and apps have passwords for access. This feature should be activated, especially if they store data and the data is propriety. The password utilized for the app or program should not be the same as the password to log onto the device. In the case of data storage or programs that contain proprietary information, a third password is recommended that is very different than the others you use. Ensure your device is accessed through a password as well, so if it is stolen the perpetrator cannot gain access into your device.

It is also helpful to turn off Wi-Fi when your device is lying dormant. This way access into your device is impossible. A good time to establish this practice is at night when the device is charging.  

Key to controlling unauthorized access to mobile devices is the identification of apps and programs that can create vulnerability. Keeping tabs on news related to breaches and vulnerabilities can help with this process. When a breach is publicized for an app or program, you have the option of deleting it until a fix is made public or just ensuring that the program is closed on your device when it is not in use.

Apps or programs that are not in use should be turned off. That means going into your device and either quitting the program, closing or exiting it from the tool bar or turning the app or program off on your mobile device and keeping it off until you need to use it again. 

And finally, make sure that your devices are set to close automatically, within two to five minutes after it becomes dormant. If proprietary information has to reside on your device, make sure your device auto-closes at a minimum time – 30 or 60 seconds.

Following these simple, basic practices will dramatically reduce the opportunity for hackers to access your smart devices and steal important data. However, the best practice to follow when it comes to proprietary information is leave it offline and protect the device it resides on by using encryption, controlling access through a password and securing it so that it is not lost or stolen.  

 

This article was previously published in the print magazine as "Hack Away at the Hackers."

  Read more Get Into Access & ID at SecurityMagazine.com/Columns/AccessID

Did you enjoy this article? Click here to subscribe to Security Magazine. 

Recent Articles by Bernard Scaglione

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

July 2014

2014 July

In the July issue of Security Magazine, read about how the NFL is balancing security with fan experience to make sure sporting events are running smoothly. If you're doing any traveling this summer, be sure to read the 5 hot spots for business travel security, also, employers can track on-the-go employees with new mobile apps. Also, check out the latest news and industry innovations for the security industry.

Table Of Contents Subscribe

Adopting New Technology

How long do you wait before adopting a new technology?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.  

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+