As we continue to be amazed by the scope of the News of the World hacking scandal it’s worth considering how valuable our personal and business information has become.
That is not news to companies like Google and Facebook, who have built businesses worth hundreds of billions of dollars on our willingness to give away personal information.
It’s unlikely that we or our customers are going to be targets of the London tabloids or the paparazzi but our information is worth protecting and here are a few ideas on how to make your business more secure.
At the core of the NOTW scandal was the newspaper’s abuse of message bank services, where reporters or private investigators hired by News International accessed messages left on mobile phone services.
Calling that “hacking” is giving it more credit than it deserves, with accessing mobile phone message banks usually easy because the victim doesn’t change the default PIN code the mobile carrier uses for mobile accounts.
So the first thing to do when setting up a mobile service is to ask your carrier how to change the PIN code for your mobile account.
While you’re talking to them ask if they offer an SMS service to notify you whenever your phone service is accessed remotely.
With any electronic device you buy it’s sensible to change default passwords or PIN codes as a matter of habit when you set them up.
One of the biggest weak links in our online business and private lives is the use of passwords.
We tend to be careless with how complex we make it and who we give it out to so it’s worthwhile to be careful with critical passwords.
As well as making them complex – say a long phrase with a character acting as the space like Mary&had&a&little&lamb – you should change them on a regular basis because we’ve seen many passwords leaked by businesses this year.
Other things you need to consider are secret answers to questions many providers ask you to set up.
Questions such as your mother’s maiden name could be easily figured out by a professional or determined investigator and social media sites like Facebook can make that even easier.
US vice presidential candidate Sarah Palin was caught out by exactly that in 2008 when hackers figured out her secret passwords from public records.
We should also be mindful that phone hacking is only one part of corporate security. Earlier this year there were allegations that Federal government emails had been compromised by Chinese organisations.
That almost certainly happened as a result of plain text passwords being sent through hotel or public networks. It’s wise to make sure that Secure Socket Layer access is required on all remote access.
We shouldn’t forget that much of the data in the NOTW scandal was accessed by paying off staff, allegedly including royal family bodyguards.
It’s difficult to see how you can protect yourself against corrupt workers but you can reduce the risk of your organization giving out details by restricting confidential data on a “need to know” basis, with access logging enabled.
“Blagging” – or to use the horrible American term “pretexting” – is pretending to be someone else to get important data, with slack procedures by various government agencies and private organizations responsible for much of the data being given out.
There’s no doubt that many organizations are cavalier with customers’ information and hopefully recent hacking events along with the NOTW scandal will force businesses to start taking user privacy seriously.
For smaller businesses we have to show respect to our customers and we must have procedures and trained staff in place to make it difficult for blaggers to compromise our systems.
Measures can include refusing to give out passwords and identifying data which the customer should know as well as insisting on sending details to a known SMS number or email address.
As reprehensible as the behaviour of journalists, editors and News International management was, we should be in no doubt that the tactics employed by their private investigators are widespread in everything ranging from domestic disputes to industrial espionage.
Given the value of our and our customers’ private and commercial data we need to take security seriously.
For years we’ve been warned that cyber warfare would break out one day.
Corporate data breaches and the NOTW scandal show that the battles have been closer than we thought.
One of Australia’s leading experts on technology and change, Paul Wallbank has written seven books on computers and the Internet, is a regular broadcaster on ABC Radio and built an IT support company from a start up into a national organisation.Paul’s business, Netsmarts, helps businesses understand and find opportunities in technologies like cloud computing, social media and the online tools that are changing our business world. Netsmarts provides consulting services, workshops and training for business and public sector organizations. eBusiness, Seven Steps to Online Success is Paul’s latest book which looks at how you can get your ideas online and making money quickly and effectively using web services like social media and cloud computing. eBusiness is available at all good bookshops or through the publisher.
James was the editor and publisher of SmartCompany and LeadingCompany for five years. He is now the Australian Financial Review‘s companies & markets editor, and a former BRW editor.
