Monday, May 13, 2013

How to keep your online business information secure

On the 23rd of April 2013 the Associated Press Twitter account @AP was hijacked and a tweet saying “Breaking: Two Explosions in the White House and Barack Obama is injured” was published. Immediately after the tweet was published it started to receive attention. The @AP account has roughly 1.9 million followers and is a trusted, verified account, meaning whatever is tweeted is treated as gospel and usually aggregated by other publishers fairly quickly.

The tweet caused panic: high-profile calls were made, media outlets began to publish and the general public did the only thing they knew how to do – they liquidated their stocks – causing the stock market to fall.

That day the Dow Jones dropped by around 150 points – which equates to around $134.2 billion (136.5 USD) – all because of a single tweet. After the mess was cleared up and the stock market recovered, industry experts took a long hard look at Twitter and have started pressuring them to look into better security for their users' accounts.

Do you have the same risks? 

Count up the online accounts that you use:
1.   Facebook
2.   Google (Gmail, Google Drive)
3.   Apple (App Store)
4.   Hotmail
5.   Online Banking

What would happen if you lost access to one of these accounts because your password was hijacked, like the Associated Press? What would you lose? What damage could it cause to your person or brand?

The average password is 8 characters long; this is all that protects you from losing access to any one of your online accounts. If you are using the same password for all accounts then you've just increased your risk. You need to better secure your accounts, and the good news is it’s very easy to do.

Two-factor authentication 

Two-factor authentication is the answer to better security – also known as token-based security. It is an approach that requires two authentication items, in this case something that the user knows – their password – and something that the user has – their mobile phone.

The accounts listed above all have the same thing in common; they offer a form of two-factor authentication.

•  Facebook has integrated with a web SMS (http://smscentral.com.au) gateway to introduce unique passwords sent via SMS upon login from an unrecognized device.
•  Google offers a range of tools including Google Authenticator (smartphone app), voice or SMS options.
•  Microsoft offers one-time passwords delivered by SMS or email.
•  Apple has two-factor authentication built directly into their iPhones.
•  Online banks such as Commonwealth and Westpac offer one-time SMS passwords – other banks offer other tools such as SecurID RSA tokens.

I recently ran through a scenario of what would happen if I lost access to my Google account due to a hijack. It would be a disaster. Have you ever clicked on a “Forgot your password” link? What happens when you do? The website sends an email to the registered account and asks you to reset your password. The hacker of my account could search through my emails and find out what communities or online accounts I have registered through my email. They could reset each of my passwords and block my access to any online account I use.

My online social accounts, my business website and my company assets could all be at risk. My brand would suffer enormously; my reputation would be lost and the damage would be irreversible.

My identity would be stolen in a simple hijack of an eight-letter password.

Protecting your assets is important; from your personal email account to your corporate bank account, additional security is always beneficial and can save you from losing everything.

Based on the activity in April, Twitter should be releasing two-factor authentication to their users shortly; it might be in the form of an SMS password, or a smartphone application. Once released, users will most likely have to opt in to the authentication setting to enable it on their account, which means a large percentage of users won’t make the change, as they don't see the dangers.

Don't be one of the users that loses an account through easy-to-fix security holes. Enable the extra security settings now. There are plenty of resources online explaining how to enable two-factor authentication on your favorite online accounts. I recommend you enable them now before your account is lost for good.
