Welcome to the KL Bar Blog

Tuesday, 4 September 2012

Monthly ITCC Tips - September 2012


Keeping information safe online and in the cloud

Wired writer Mat Honan was subject to an epic hacking attack that took over his Google account, compromised his Twitter account and led to his AppleID account being accessed and used to remotely wipe both his iPhone and his iPad. On August 5, Apple co-founder Steve Wozniak expressed his own wariness of the cloud. In light of this, Relaxnews asked security expert Christopher Boyd, senior threat researcher at GFI Software, for tips on keeping information safe online and in the cloud.

The effects of a hack of the nature Mat Honan suffered can have far-reaching consequences. “The biggest impact here is the loss of invaluable personal data,” says Christopher Boyd. “Money can often be recovered, fraudulent purchases can be addressed but the loss of photographs and work related material can be devastating.”

How to ensure you don’t lose data

To safeguard against the loss of invaluable data, Boyd recommends individuals back up their information on a hard drive as well as storing it in the cloud. “Users should take advantage of cheap external hard drives and use one to regularly back up their entire machine, or at least their key documents.”

Boyd also suggests using “a further backup at another location — perhaps stored at a close relative’s house.”

Use two-step authentication features

Mat Honan admits that he did not use Google’s two-step authentication process, by which a pin is sent to a mobile or other device when a person is attempting to log on to an account, to protect his Gmail account.

Boyd recommend that users should always take this step, also noting that “if users are worried about social engineers obtaining their phone number and convincing their mobile operator to redirect SMS texts to phones owned by the attacker, they should install the Google Authenticator application (which even works offline) and bypass that possibility.”

Boyd also notes that “often, an attacker will try to compromise the email listed for password recovery to completely lock out the victim, and the information needed to break into the second account can often be found in the first.”

In order to avoid falling victim to this, Boyd recommends “trying to ensure a backup address is at least as secure as the first, doesn’t have an obvious password reset question and uses some form of additional verification such as two-factor [authentication code].”

Make data security a priority  

Securing your data online should remain a priority. Boyd notes, “There’s no excuse for not securing these accounts to the best of your ability. If you have a single ‘master email’ used for everything from shopping to banking and website logins, at least secure it with authentication devices and don’t reveal it online or use it to talk to friends or work colleagues.”

Boyd concedes that keeping all accounts separate from one another is difficult, noting that “we [users] have to make do with the tools given to us by the owners of the services we invest in, and we’re slowly being given more options as they realize standard username and password options aren’t strong enough. Where additional security tools exist such as with Gmail, it is paramount that users make full use of them.”

This article is reproduced with permission from Agence France-Presse (AFP).

No comments: