BYOD – Bring Your Own Devices – is quickly becoming the norm as major companies and organizations worldwide strive to keep pace with their young, mobile and connected workers. But for information security chiefs, it’s also a huge—and some security experts say growing—security headache. According to Andrew Deacon, a security specialist at British IT security company Sophos, because of the trend, it’s never been easier or cheaper to hack into an organization, steal its secrets, or create havoc with its data systems. Deacon says increasing numbers of amateur criminals and hackers without serious technical skills are getting into the act, and here are five ways they’re doing it:
1. Almost all major coffee shop chains offer free WiFi
2. A relatively easy next move, the cyber security version of the “man in the middle” scam: create a mock login page for a site that’s likely visited by the hacker’s target, such as the Facebook login page or a company’s Intranet login page. Many of these are easily downloadable from IT specialty sites that build them to test their vulnerability. The unsuspecting user logs in as usual, giving away username and password details. Since many people use the same details across platforms and sites, it’s often easy pickings for hackers from there. There’s password cracking software as well. Most passwords don’t take more than a few minutes to crack, Deacon says.
3. Stop using the same password across all your accounts.
4. What would you do if you received this email: “Hi, it’s Sam from IT. We’ve got a security update we need you to run, can you run it for me please? Just double click the attachment. Thanks.” According to Sophos’ Deacon, many employees do as they’re told when they see an email which looks like it came from their company’s IT department. What’s been unleashed? One threat is a Trojan Horse malware program. It sits unseen on a company’s server and can be used to pilfer data like passwords and internal communications.
5. There’s another new trend that’s also worrying IT security experts: the move toward cloud storage. The free cloud storage and file sharing market is a potential goldmine for hackers. Employees tend to upload confidential business data into their personal accounts with weak or no security controls. In a report this week, cloud provider Intralinks found that people were uploading and sharing live links to personal photos, tax returns, bank records, mortgage applications, blueprints and business plans. Intralinks was able to download several of these documents without needing to insert a password.
Originally published on www.wjd.com/tech, written by Amir Mizroch