The BBC has recently reported (http://www.bbc.co.uk/news/technology-20204671) that the CEO of Coca Cola suffered an IT security breach that allowed hackers to masquerade as him. This is believed to be an attack specifically targeting Coca Cola during a potential acquisition of a Chinese drinks firm, Huiyuan Juice Group.

As Coca Cola is a big-name target and the numbers involved are in the billions, it is easy to become dismissive of these events. However, these attacks can occur very easily: following a malicious link or tweet could lead to a complete compromise of your email or internal systems. The tools to do this aren't hugely sophisticated, are freely available and are being used. These attacks can be used to do everything from compromising internet banking details to stealing credit card data or, in some cases, submitting rogue invoices and having them approved by a compromised email account, leading to money leaking out.

Many companies keep quiet on the subject of security breaches, making it difficult for others to learn the lessons of their errors. I recently spoke on this very subject at a conference organised by the UK Payments Council, as it is something that can affect businesses of all sizes. In many cases a rapid response is required if a security breach is suspected, as well as an understanding of which of your customers and stakeholders need to be kept informed.

Defending against these attacks can sometimes feel a little daunting. Keeping track of important client data is vital, and applying strong security controls such as restricting access and using strong passwords is an absolute must. However, if your account has access to everything and it is you that is compromised, what do you do? This is a problem that requires even more diligence to avoid being amongst the "low hanging fruit" hit by hackers. Our forensic work regularly shows that the same attacks are used over and over because many businesses aren't fully aware of the risks or how to manage them.
In some cases this has led to key supplier information being leaked, such as login accounts on exporter trade websites (think Alibaba etc.). If your supplier contacts were leaked or your margins and pricing exposed, the impact can be detrimental, particularly in the e-commerce space.

Adopting a password vault can be a simple step towards making your passwords more complex and more secure without you having to remember lots of complex phrases. The concept is fairly simple: have one long and memorable passphrase that is used to secure the others. The others can then be auto-generated to long, strong and complex requirements and stored encrypted in the "safe". When you need a password, you log in to your safe, copy the password and away you go. Free tools such as PasswordSafe are remarkably good and quite easy to use: http://passwordsafe.sourceforge.net/

Have a look, and feel free to get in touch if you want to have a chat about IT security and what you could do more generally.

Andy
Contact Details
Mobile - 07889 183 207
Skype - andrewbarratt
andrew.barratt@coalfire.com

Andrew is an experienced IT and Information Security Consultant, PCI DSS advisor and QSA. As a…