The last months have been fertile in hacking news. Just as we used to hear about wars and skirmishes between neighbouring countries, we now hear about hackers stealing account data from banks, gaming networks, credit card providers, and who knows what else is not on the news.
Amid these news we hear about accusations of "cyberwarfare", either pointing the finger at China, Russia or even North Korea. While this is not completely outside the probabilities, I personally see these cyber attacks as good old theft, where one steals money from another.
My question is, how safe are our personal accounts? What is being done to counter the current trend? When even giants, like the Sony Playstation Network, are being hacked and seem not to be able to stop new attacks, what can we expect from all the small online stores we give our credit card details to? Obviously, I'm not stopping using my credit card online, and even with the risk we are at a point where turning our backs at the Internet as a platform for commerce and services is unthinkable. So, what can we do, as individuals to protect ourselves?
I would love to hear your thoughts.
There's two parts to the theft:
ReplyDelete1. account data theft, which can be alleviated by either signing using facebook, google or openid or using a unique password per site (either by using a pattern, a password service such as LastPass or having a good memory). If and when your account at a smaller site is compromised, the hackers won't be able to try to access your other online accounts by using the same password. (this happens a lot)
2. credit card theft: using systems such as paypal, amazon payment, facebook credits can create an interface so that your card details are less at a risk of being compromised. Otherwise, it is best to use a card which has insurance along with it (which is offered with a lot of credit cards and some debit cards although I couldn't tell you which ones..). This way, should any details be stolen, you can use the insurance to reclaim the money.
There's also a lot to be said for common sense:
1. look for ssl certificates when online (green bars preferable) and even have a look at which organisation has issued it. Browsers should highlight the certificates.
2. don't go on sites that look dodgy or of a dubious nature. Websites are legally required to have a telephone number and address present. If you have any doubt, contact them to investigate further.
Thanks for the great comment, John. How do you or anyone else feel about password managers?
ReplyDelete