Securing ourselves in a pervasive online world
By Edwin Yapp August 10, 2012
- The pervasive nature of the online world means that any one of us can be hacked
- It’s our responsibility to protect ourselves; start by acknowledging the need, get educated and take practical steps to secure yourself
Periscope by Edwin Yapp
IT'S not the first time I'm writing this, and I'm sure it won't be the last either.
I was priming for another commentary on another theme but I was prompted to write this by what I read yesterday on how a seasoned tech journalist from a reputable publication got hacked, as well as several other stories that came up either on our DNA site or on other news sites.
According to wire news agency, AFP, last week Wired writer Mat Honan was subject to an epic hacking attack that took over his Google account and compromised his Twitter account. This led to his AppleID account being accessed and used to remotely wipe both his iPhone and his iPad.
Painful experience indeed, and I can't even begin to imagine how he must have felt.
In June, professional social networking site LinkedIn confirmed it suffered a data breach resulting in user passwords being stolen. The company, however, did not reveal how many passwords were stolen but the number was believed to be in the region of over 6 million accounts. LinkedIn struggled to get to the bottom of the causes of the breach and how it plans to move forward.
Closer to home this week, the government insidiously gazetted the amendments to the Evidence Act 1950, which will have serious implications on Internet use as the owner of a website or device is presumed guilty and has to fight to prove his innocence.
Also in related news this week, a recognized tech stalwart very chillingly said that today's online world is overly dependent on technology, particularly cloud computing, where data and software are no longer stored on local machines but on large, powerful servers that are owned by titans like Amazon, Google, Facebook, Twitter and the like.
Steve Wozniak, who co-founded Apple with the late Steve Jobs, recently was quoted in AFP as saying, “I really worry about everything going to the cloud. I think it’s going to be horrendous. I think there are going to be a lot of horrible problems in the next five years.
"With the cloud, you don’t own anything. You already signed it away through the legalistic terms of service with a cloud provider that computer users must agree to.
“I want to feel that I own things,” Wozniak said. “A lot of people feel, ‘Oh, everything is really on my computer,’ but I say the more we transfer everything onto the web, onto the cloud, the less we’re going to have control over it.”
With all these aforementioned cyber challenges ahead -- and these are only the few that we're discussing -- what should and can the average Joe in the cyber world do?
How do we begin to protect ourselves from being hacked, our passwords stolen or indeed our account compromised such that we can even be prosecuted for such an event?
Well, the first thing to do with any problem is to acknowledge that there is one in the first place and realize that it has the potential to ruin us. Read Honan's lengthy account and you'll know what I mean. He has his regrets and, like him, many of us are the ones who choose to put our lives online in the first place.
Secondly, we need to take cyber security seriously, and move beyond rhetoric. As a tech journalist having covered the local scene both in the enterprise and consumer circles, I can unequivocally say that there is "a lot of talk about security, but little action."
From small businesses, to consumers, even to large enterprises, the most impressive security technology is only as strong as its weakest link, which invariably relates back to human neglect and error.
Next up is to get educated. No longer can we say that we're not technologically savvy enough to learn about securing our PCs, laptops, tablets and smartphones, at the very least. With the advent of the Internet, Wikipedia and the like, this argument holds no water anymore. Simple knowledge can be picked up just by reading.
With these fundamentals in place, what else can you and I practically do?
Start by backing up your data not on another cloud service provider such as Apple's iCloud, Dropbox or others but on a good ol' fashioned and relatively inexpensive disk drive. Nothing beats having your data with you.
Dhillon Andrew Kannabhiran, founder and CEO of security specialist Hack in the Box, suggested encryption.
Speaking to Digital News Asia, he says, “If you're going to store data on infrastructure that you do not own or control, the only way to ensure that it's secure is to encrypt it. Sure, encryption is a pain to set up and maintain across multiple devices, but it's the only way to truly remain safe.
“Of course keeping the encryption keys safe is also equally important as is keeping an encrypted back up just in case.”
As far as passwords are concerned, my view is that it's prudent to have an array of passwords for different classes of accounts such as e-mail, cloud storage, online accounts, and online banking.
As obvious as this might sound, it isn't practised very often -- make your password as uncommon as possible and as tough as possible to guess, with a combination of uppercase, lowercase and numbers and signs.
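A check of stored credentials against the password advice in this part of the column: no password shared between accounts, all four character classes present and, per the quoted advice that follows, a change every three months. It is an added example, not from the column or any tool it names; the entry format, function names, the 90-day reading of "3 months" and the sample data are assumptions.

```python
import hashlib
import hmac
import string
from collections import defaultdict
from datetime import date, timedelta

MAX_AGE = timedelta(days=90)  # "every 3 months", read here as 90 days (assumption)
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "number": string.digits,
    "sign": string.punctuation,
}

def fingerprint(password, key):
    # Keyed digest: reuse is detected by comparing digests, not plaintext copies.
    return hmac.new(key, password.encode(), hashlib.sha256).hexdigest()

def audit(entries, today, key):
    """Return {account: [findings]} for entries that break the policy."""
    findings = defaultdict(list)
    seen = defaultdict(list)  # fingerprint -> accounts using that password
    for e in entries:
        seen[fingerprint(e["password"], key)].append(e["account"])
        missing = [name for name, chars in CLASSES.items()
                   if not any(c in chars for c in e["password"])]
        if missing:
            findings[e["account"]].append("missing: " + ", ".join(missing))
        if today - e["changed"] > MAX_AGE:
            findings[e["account"]].append("older than 3 months")
    for accounts in seen.values():
        if len(accounts) > 1:
            for a in accounts:
                others = [o for o in accounts if o != a]
                findings[a].append("reused on: " + ", ".join(others))
    return dict(findings)

# Constructed sample entries (not real credentials).
SAMPLE = [
    {"account": "email", "password": "Tr4vel!Mug#92", "changed": date(2012, 7, 1)},
    {"account": "cloud-storage", "password": "Tr4vel!Mug#92", "changed": date(2012, 7, 1)},
    {"account": "banking", "password": "correcthorse", "changed": date(2012, 1, 15)},
    {"account": "forum", "password": "q9$Lm@7ZxP!c", "changed": date(2012, 8, 1)},
]

if __name__ == "__main__":
    report = audit(SAMPLE, date(2012, 8, 10), b"constructed-key")
    for account, problems in report.items():
        print(account, "->", "; ".join(problems))
```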
Dhillon adds, "Develop a password policy which doesn't involve using the same password more than once. Most people also don't bother investing in a password manager (1Password for example) -- a tool to generate secure passwords and most importantly, store them safely.
"A password manager will take a lot of the headache out of managing credentials and you can also have a policy of changing these passwords once every 3 months or more regularly.
"Don't set 'common' password reset questions -- things like your mother's maiden name, what school you attended, what year you graduated -- that are not unique enough as it's surprisingly easy to answer such questions, for example, just by checking your Facebook profile."
Besides the obvious worry over what unauthorized people could do with these exposed passwords, other larger issues have surfaced that the industry and consumers alike need to ponder over and address sooner rather than later.
One that comes to mind is the need for the industry to move everyone to a two-step authentication verification system, which requires a code to be submitted to the systems you're logging in to besides your username and password.
Most banks already use this service when transacting with users online, but such technology has yet to surface in everyday, ordinary use. Perhaps, sooner rather than later, this two-step verification can become a de facto standard in all our online transactions.
In the final analysis, it’s us – you and I – that are ultimately responsible for our own cyber security. Just as we take steps in the real world to secure and protect ourselves from physical harm and danger, it’s time now to do so in our cyber life too.
For if we don’t, we have ourselves to blame.