Back in 2011, Sony lost an estimated $170 million after its PlayStation Network was attacked. Around 80 million accounts were affected, and the hackers acquired card numbers, email addresses, full names and passwords. This resulted in a public relations disaster that rocked the company and deeply upset many of its customers. But it isn’t just Sony and the world’s biggest companies that are vulnerable – without the right precautions, you could be vulnerable too.
Start off by thinking about how you and your employees access the Internet. If you run a website, you probably just visit the login page over a normal HTTP connection and log in. Meanwhile, anyone using a simple tool like Wireshark could look at your packets and quickly find out your username and password.
For a hacker, the process is so easy. There are countless videos and tutorials online that teach the process, so anybody that knows how to click a mouse and search Google could work it out. The absolute best solution to this problem is getting yourself a VPN, where your traffic is routed through an encrypted tunnel between your computer and the VPN server. The VPN server then makes the request on your behalf and returns the response to you. Under this solution, you could be sitting in a public wireless spot, next to dozens of people, and they wouldn’t be able to get your usernames and passwords.
“Even the government and your ISP can’t tell what you’re doing on the Internet when you use a VPN, so it gives so much additional security. You can use the most secure password there is, but it will do no good if you allow someone to intercept the requests you make to websites,” says www.boxpn.com. “VPNs can also check each packet and ensure there are no viruses or malware, which makes your computer less vulnerable to another vector of attack.”
Once you have a VPN, it’s time to think about passwords. The most important thing is to be aware of the danger of using the same password on multiple sites. You could have an 80-character password – made up of dollar signs, ampersands, and every other character imaginable – and it would do no good if you used it on every site you visit. One of those sites will have its database hacked at some point, and many sites still store passwords in plain text. A hacker will get your password from that site, try the same password on other websites, and then have access to everything.
You should ideally have a long and unique password for every website you visit. If you are storing sensitive business or customer information, this is essential. You should also limit access to as few people as possible – for each person who has access, you increase the chance of a vulnerability occurring.
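One way to check your own accounts against this advice, as an added example that is not part of the original article: the script reads a password-manager CSV export, reports sites that share a password or fall below a length threshold, and generates a unique random replacement for each. The column names, the 16-character threshold and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import secrets
import string
from collections import defaultdict

# Constructed sample export (site, username, password); not real credentials.
SAMPLE_EXPORT = """site,username,password
shop.example,alice,Tr0ub4dor&3
bank.example,alice,Tr0ub4dor&3
crm.example,alice,x9$Lq!vR2#pZ7@kW4&nB
mail.example,alice,summer12
"""

MIN_LENGTH = 16  # assumed policy threshold for a "long" password


def audit(export_text, min_length=MIN_LENGTH):
    """Return (reused, short): groups of sites sharing one password,
    and sites whose password is shorter than min_length."""
    by_password = defaultdict(list)
    short = []
    for row in csv.DictReader(io.StringIO(export_text)):
        by_password[row["password"]].append(row["site"])
        if len(row["password"]) < min_length:
            short.append(row["site"])
    reused = sorted(sorted(s) for s in by_password.values() if len(s) > 1)
    return reused, sorted(short)


def new_password(length=24):
    """Random password from the OS CSPRNG with lower, upper and digit present."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw


def rotation_plan(export_text):
    """Map every site with a reused or short password to a fresh unique one."""
    reused, short = audit(export_text)
    targets = sorted({s for group in reused for s in group} | set(short))
    return {site: new_password() for site in targets}


if __name__ == "__main__":
    reused, short = audit(SAMPLE_EXPORT)
    print("password shared by:", reused)
    print("shorter than policy:", short)
    # Only site names are printed; new passwords belong in the password manager.
    print("rotate:", list(rotation_plan(SAMPLE_EXPORT)))
```

Delete the CSV export once the audit is done, since it holds every password in plain text.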
If you get the chance to use two-factor authentication, use it. If you happen to use Gmail or Google Apps for email, you can see how to set it up here. See if you have the option of doing the same for your bank, CRM, accounting apps and other places where sensitive data is stored.