A critical element in protecting your finances, critical infrastructure, intellectual property and other valuable digital information is preventing the theft of your digital identity. Whether an individual or corporate entity, a system administrator or administrative assistant, an executive or network engineer, the compromise of your identity provides “the keys to kingdom” for a hacker or corporate thief.
Traditional thieves will plan multiple means of gaining entry into a home or facility, but will first start with the easiest means of access. Very few will attempt to pick a lock or disarm a security system before checking to see if the door is locked or if someone left a key under the mat.
Cyber criminals are no different; they start with the easiest route—assuming your digital identity and separating it from your physical identity. Once a cyberthief has your digital identity, there is little you can do to stop the damage.
The first layer of defense against identity theft is protecting the physical medium by which you enter the digital domain. Whether it be smartphones, tablets, or networked computers—all provide easy attack vectors for the hacker.
An unlocked smartphone or a tablet with a simple four-digit password is synonymous with leaving the key under the mat. While screen-locked passwords are easily bypassed, taking the time to enter a more complex password might dissuade the hacker.
To ensure security of your physical device, it is always recommended that you encrypt the drive. The latest Android and iOS mobile devices now provide strong encryption for multiple data storage media including the microSD cards.
The next layer of access into the digital world is through networks and servers, which includes wireless and wired routers, Bluetooth devices, and other peripherals that provide the communications link to the Internet. This equipment is often the focal point of an attack because it can be done remotely and on a large scale. Domestic and foreign hackers continuously “ping” devices attached to the Internet looking for that unlocked door.
When they find one, they gain access and control and then use it as a proxy for gathering and distributing information—often without the owner’s knowledge. The threat is so significant that the U.S. government established the National Vulnerability Database to track the vulnerabilities and criticality of those vulnerabilities for network equipment.
To protect your network layer, it’s usually the small things that make a difference. First, secure your wireless home network with WPA-type encryption and change the manufacturer’s default passwords. By not changing the default passwords or leaving ports open and exposed, the “door” is unlocked on a router.
Next, avoid establishing an unlocked “guest” network and regularly download updates to the router firmware. When hackers and network professionals find vulnerabilities in network equipment, they often publish it on the Internet. Manufacturers respond to these postings by pushing out new software. If you do not download the new software, then your equipment will likely be compromised.
The third layer is cloud-based services such as Google Apps, Microsoft Live and Apple’s iCloud. These services provide an entry point into large repositories of personal information from passwords to personal information. Combine that information with data collected by retail vendors, social media sites, and app developers (under the auspices of monitoring the “experience” of that app)—the distribution of all of that information across public and private databases—and the digital version of you can then be generated in hours.
Google and other service providers are now offering security services that can be remotely activated if a smartphone or tablet is lost or stolen. Google Apps, for example, allows the administrator to remotely block access to the email server and cloud-based documents along with the ability to remotely wipe the device if it lost, stolen or compromised.
While this might seem to be somewhat overwhelming, don’t be intimidated. Using these remote security services is relatively easy and most small business owners can implement them on their own.
These examples and recommendations merely scratch the surface of potential vulnerabilities for small businesses, but are intended to raise your awareness. It is always advisable to consult with a specialist in technical surveillance and security systems to provide professional services related to information security.
Content contributed by Advanced Mission Systems, LLC, a company specializing in technical surveillance and physical, electronic and cyber security for military, law enforcement, commercial and individual use. For more information, contact Jerry Snyder at 980-819-2600 or visit www.amsdv.com.