Posted: July 10, 2013
What’s your hackability rating?
How to keep it lowBy Adam Roth
Try an internet search with the words ‘China,’ ‘hack,’ ‘security,’ or ‘NSA,’ and you may get more than you bargained for. With news about NSA’s surveillance program and President Obama’s recent meeting with Chinese President Xi Jinping, discussions around computer security have surged. And, while the administration is alarmed with the alleged stealing of U.S. weapons intelligence, what about the rest of us? (Source: "Year of the Hack," New Yorker May, 28, 2013).
Even without missile defense information, everything on your computer is valuable and much more hackable. Do you know your company’s hackability rating on a scale of 1 to 10? Here are three common areas of risk that each has simple, cost effective solutions.
“I work from home at least 75 percent of the time.”
- The Census Bureau tells us that the number of people working from home has increased 41 percent from 1999 to 2010. With growing demand for remote network availability, network administrators have been put between a rock and a hard place. Most often the simplest, and therefore most common, way to address this issue is to open up an IP address. This allows all users to remote desktop into their computer at the office. By leaving the remote desktop wide open, essentially anyone with a username and password can access the network. This may sound secure but in reality it’s risky. Hackability rating: 5
Why? If you’ve ever worked from Starbucks or a hotel using Wi-Fi access, you’re vulnerable. There are traffic monitors that allow thieves to view and capture anyone’s data that is going across a shared wireless network. That means you’ve inadvertently made available all of the corporate credentials a hacker would need to access your company’s network.
Recommendation: VPN (Virtual Private Network). A VPN can be set up for remote users and can be configured with Windows servers, most business class firewalls, and even some third-party software. In most cases, for the end user it only takes one additional click to log into remote desktop with this set up; so it’s all upside.
“My laptop is my co-pilot.”
- What if you work from home, but you’re never actually home? This is true for many of us. If you’re working on the road, in the air, at client offices or somewhere in between there are ample opportunities for your laptop to get lost or stolen. If this happens, the thief is probably more interested in the data on your computer than selling the hardware itself. All the thief has to do is remove the hard drive and copy it. Hackability rating: 10
Recommendation: The best remedy to this is data encryption. It may be aggravating to have to enter a password twice in order to access your computer, but it’s worth it. With encryption you’ve cut the chance of your data being sold by about 99%. This feature is available on most laptops and there are also software solutions from third-party manufacturers. Truecrypt (www.truecrypt.org) is free open-source disk encryption software that can help keep your data safe.
“My password is not my birthday but I never change it.”
- We all know passwords like Fluffy297 or our birthday are no good. But what happens when we use the same password for every log in? Or, we never change it? In short, bad things happen. Hackability rating: 8
Recommendation: Experts say you need to change your online passwords about every 40 to 90 days. But who can keep that pace? Online password managers like LastPass (www.lastpass.com) can help. A new product Yubikey (www.yubico.com) is taking password management and authentication to the next level. It’s an encrypted hardware token― think USB stick― that can be used for almost anything related to passwords.
Security is always a matter of balancing threats versus access. Whether you’re running a corporate network or a home network, you should consider outlining a data security plan. Identify your assets, the impact if those assets are compromised, and the likelihood that a compromise will occur. This will give you a more current and effective security policy and keep your hackability rating down― and this is one score you want to keep low.
Adam Roth is a security engineer at Dynamic Solutions International, LLC. (DSI). He is a cyber-security expert with more than 10 years of experience in the areas of security, storage and virtualization. He can be reached at a.roth@DynamicSolutions.com.