“It won’t happen to me. After all, I’m an IT professional, right?”
Friday, July 25, 2014
Posted by: Randy Baker
When you leave for a week’s vacation, do you leave your house key on a chain dangling from your doorknob? When you go shopping at the mall, do you leave your car key in plain sight on the dashboard with the car doors unlocked?
Many in the general public, and a surprising number in the IT community, do just this with their online identities by using poorly conceived, insecure passwords.
We deal daily with horror stories of individuals who’ve allowed, for example, their Facebook or e-mail accounts to be hacked because of poorly conceived, often duplicated, insecure passwords. The perpetrators often then begin sending Facebook messages or e-mails to the victim’s contacts AS THE VICTIM, with very beguiling messages and a spybot-infested URL for the unsuspecting third party to click on, which gives the perpetrator access to that person’s computer as well. These spybots are often newly formulated and therefore cannot be detected by traditional virus or malware protection. Because of this increased stealth, the original victim and the new victims are more often than not totally unaware that their computers and data have been, or are being, compromised. Often, even if the victim discovers the intrusion, their password has been changed by the intruder, allowing the intruder unhindered access! The familiar browser-hijacker pop-up screens that used to appear immediately upon infestation are an amateur prank compared to the stealthy spybot strategy now being implemented.
When this spybot strategy hits a business computer used to access the business’s bank accounts, the increasingly common danger is that the business will mysteriously have large amounts of money wired from its account to offshore accounts in the middle of the night. The consumer protections built into US law that we have come to expect against this type of fraud are not available to business accounts, and once funds have been transmitted out of the country there is no legal recourse. All of this is very preventable, and it happens because poorly conceived, insecure passwords open the door.
In our security-conscious times, when so much of our security hinges on proper passwords, it can be quite overwhelming to keep a different secure password for each of the personal and business sites we visit. At last count, I personally have accumulated 84 different user name and password credentials for various websites through the years.
While this is not meant as a commercial for any one particular product, as there are many available, I’ve used LastPass (www.lastpass.com) for many years. It has a free version and an upgraded version at $12 annually. That is a small price to pay for one central, secure site to help with password security. Browser plugins are also available for ease of use.
If you haven’t already, I’d highly recommend researching the best product for yourself (at www.cnet.com, for example) and implementing an additional layer of security around your login credentials.