
Posts Tagged ‘technology security’

Security extends far beyond the physical

In recent weeks, hackers have taken hundreds of thousands of computers captive through the WannaCry ransom attack.


What is a ransom attack? Using this type of attack, hackers lock down a computer’s data and hold it hostage until the victim of the attack agrees to pay a ransom.
The implications are far from benign, and could indeed be life-threatening. Hospitals in the UK were particularly hard-hit, and without access to records were forced to turn some patients away.
On the heels of WannaCry, news broke that thieves dumped a database with 560 million passwords on the Internet. Many of the records were compiled from previous hacks, including LinkedIn, Dropbox, MySpace and Tumblr.
The password dump poses a significant risk to personal and business data, as many use the same passwords across multiple platforms and services.
Both of these attacks highlight this truth: security extends far beyond the physical space. Increasingly, organizations must be vigilant about protecting themselves and their customers in cyberspace, too.
What can you do to protect yourself and your business? The steps are simple, and you’ve probably heard them before, but they’re worth repeating.
Don’t reuse passwords. Just don’t. Strongly consider purchasing a secure password generator and storage solution. Don’t forget to change passwords regularly, too, and never leave default administrative passwords in place.
Keep connections minimal. Only network and connect to the internet when necessary, and in those circumstances work to minimize exposure and secure connections. Following the DDoS attack that took down Spotify and Twitter last fall, we put together this Q and A with Anthony Tatman, our director of IT.
Keep software updated. Make sure you don’t use pirated versions of software; you’ll miss out on critical updates. When updates and patches are released, update promptly. Hackers rely on software vulnerabilities to worm their way into systems.
Beware of phishing attacks. Never open emails or documents from sources you don’t recognize. Even if you recognize the source or it seems legitimate, exercise caution. Be aware of uncharacteristic language or strange file extensions.

‘Free’ could cost you when it comes to charging your phone

You know those free charging stations you see scattered about in airports, malls and other locations? The kind that allow you to plug in your phone or tablet using the USB cord that’s been so thoughtfully provided? Yeah, you might want to skip using those and let your phone go dead instead.

A recent Krebs on Security report revealed that thieves can use those stations to capture video of every move you make on your device while it’s plugged in. How? Most smartphones and tablets have the ability to mirror their displays onto a larger screen, such as a television. Using the feature is as simple as connecting the device via a USB cable.

When you plug your device into the otherwise innocent-looking charging station, thieves capture every keystroke via video, playing it back later to look for passwords and other valuable and vulnerable data.

Krebs is the go-to source for scary stories about how thieves use technology to steal our identities and ruin nice things. Another recent report from Krebs detailed the hard-to-spot differences between a legitimate point of sale terminal and a compromised terminal capable of skimming card data. Another report demonstrated the extreme and obvious vulnerability of a stand-alone ATM machine at a busy grocery store in Northern Virginia.

Some takeaways for facility managers:
• Be careful connecting your device when out in public. Using public wifi – or even charging stations – could expose your data and open up your facility to risk.
• Be aware of potential security issues with any convenience service you provide, especially if it is provided by a third party. If customers’ data is compromised because they used the ATM kiosk inside your business, your name will be associated with the experience.
• Regularly audit your point of sale terminals and other devices that capture data. Keep an eye out for any physical evidence of tampering.