Reports of online hacking on a grand scale are an almost daily occurrence. From credit card data breaches at Target and Home Depot to the unauthorized access of female celebrities’ personal photos from password-protected cloud accounts, it seems like everything is fair game to sinister online forces.
The Internet has come a long way since its humble beginnings in ARPANET. The rise of the smartphone has connected every corner of the globe, which means there are now hundreds of millions of potential targets for hackers.
“If you think that you’re safe, that there’s nothing interesting about you and no one wants your information, you’re wrong,” security specialist Krista Trovato told a captivated audience at the recent Drupaldelphia convention in Center City.
Trovato’s presentation on security in the open-source publishing platform Drupal hit home for her attendees, many of whom are business owners or work for companies that count on them to keep websites secure. Her company, Peerless Design Inc, sells security services to such businesses.
“All users and organizations of all sizes are targeted by hackers,” Trovato said. “Hackers target different users and organizations for different reasons.”
Those reasons range from stealing classified files on government websites (Google Edward Snowden) to gaining epic bragging rights for stealing naked pictures of famous women.
Whatever the reason, it’s become clear that all corners of the Internet are vulnerable to breaches.
Behind the breakdown
One explanation for the recent wave of security breakdowns comes from the companies themselves.
In business, a lot of important decisions depend on budget and available resources. When those resources are limited year after year as the result of a slowly recovering economy, companies large and small are forced to make cost-cutting decisions with far-reaching consequences.
One of the biggest areas of contention is the amount of money a business invests in technology. Businesses should really be factoring in online security costs with the costs of computers, software, and hiring a contractor to build their website.
But replacing an office’s entire computer inventory is expensive and time-consuming, so companies use the same computers year after year, with outdated, unsupported operating systems that put their entire office and web presence at risk.
And if it’s a company that sells its products online, like Target or Home Depot, that risk trickles down to their customers.
According to Krista Trovato, having qualified manpower is another area where businesses are leaving themselves open to attack. One organization that suffers from a lack of experienced online security personnel is our own federal government.
“Government agencies are easy marks [for hackers] because they ... tend to have trouble attracting the best of the best and hire companies based on nepotism rather than qualifications,” she said.
Our devices, ourselves
Devising an evolving, ongoing process to keep computer systems up to date is only part of the solution for keeping hackers at bay. It is equally important to empower the users. Networked devices are only as safe as the informed individuals who use them.
The National Cyber Security Alliance, a Washington, D.C.-based non-profit, has launched a campaign designed to protect online users called Stay Safe Online. The campaign’s website offers hints to businesses, parents of children who use the Internet, and other individuals.
For home users, Trovato recommends using secure passwords, keeping computers and devices updated with the latest firewall and antivirus software, and paying for online transactions with a pre-paid credit card.
Pre-paid credit cards, like the Visa gift cards you see in CVS or Rite Aid, can be anonymous, requiring a one-time activation online or by phone that will not compromise the security of personal identifiable information in the event of a breach.
Web users can take advantage of services like LastPass, a password-generating program that remembers all of your passwords for various websites in a secure account so you don't have to.
According to LastPass’s website, 73 percent of online users have the same password for multiple websites. While having one password may be easy to remember, it makes the process of gaining access to your personal accounts easier for hackers.
Whether you’re an individual user or the web producer for a company’s website, your online experience depends greatly on your own vigilance. For Trovato, pleading ignorance is no longer an excuse.
“The more connected we are, the more aware we need to be.”
commentary by Marta Rusek original article @newsworks.org