The irony couldn’t be greater.
Here we are, in the middle of a world-wide security storm. Thieves are deploying every technology imaginable to capture our data and steal our money. State and federal governments are passing new legislation. Agencies are publishing new guidelines. Banks and other companies spend billions of dollars each month to protect our information from thieves. Then we log onto Facebook or Ancestry.com where we enter most of the personal information those same thieves need to access our identities and our assets.
Recent surveys show that nearly half of all public profiles on social networking sites expose the day, month and year of the owner’s birth. More than half share the name of the owner’s high school. Dig a little deeper and you’ll find mother’s maiden name, street where you grew up, the name of your first dog or cat – you name it. It’s all out there, waiting to be gleaned.
How much more does a criminal need to open a new bank account, crack passwords or answer challenge questions on existing accounts?
Companies have also suffered the consequences of unthinking employees posting too many details online. Smart criminals use social networking for reconnaissance. They use details from Facebook and other social media sites to understand the organizational structure and roles of staff. Armed with this information, they customize attacks to specific roles, such as sending a malicious document titled "Benefits Summary" to HR staff rather than IT staff.
The fact is that social engineering works very well. We want to share everything, from the favorite recipe we just cooked to the Persian cat we just coiffed. Armed with these personal and revealing details, hackers don’t have to work overly hard to commit fraud.
Increased use of mobile technology has also fueled fraud. According to some security experts, smartphone owners are 33 percent more likely to be victims of ID fraud than non-owners. Driving the increase may be simple laziness. Nearly one-third of smartphone owners do not regularly update their phones’ operating systems. Nearly two-thirds of smartphone users do not use passwords on their home screens, and nearly one-third save login information on the device.
Basic Security Measures
One effective method of thwarting cyber crime continues to be consumer education. Bankers and others responsible for safety and soundness must continue to impress upon consumers the importance of basic security measures. Most of these measures have not changed appreciably from years ago, and are well within the control of the consumer:
- Limit the amount of personal information you post in social forums.
- Use strong passwords and change them frequently.
- Apply software updates as soon as they are released.
- Beware of suspicious emails containing links and attachments – even those coming from known addresses.
- When you work on your PC, use the administrative role only when making software changes. The rest of the time, sign in as a user with limited rights.
More than the laws passed and the rules handed down, these basic measures can go a long way toward turning the tide on cyber attacks. If consumers would stop releasing personal information and secure their technology, we would be in a much better place.
Perhaps the banking community can continue to be the voice of reason for the public. Given the level of trust consumers place in their bank, who better to drive home the importance of security?
Kevin Hamel manages security for Avon, Conn.-based COCC, Inc.





