A group of Eastern European hackers has recently been charged with conspiring in an international data-breach scheme that targeted dozens of retailers and institutions—including Apple, Facebook, Twitter, and Nasdaq—over a recent seven year period. It is by far the largest hacking scheme ever prosecuted in the United States. Although this particular group of hackers’ exploits has come to an end, the manner in which they captured and re-sold over 160 million credit card numbers calls attention to the rising sophistication of hacking schemes coming out of the former Soviet bloc and how they target online consumers specifically. A disturbing detail emerging from the case is why the hackers sold stolen European credit card numbers at a rate five times higher than North American credit card numbers: because North American numbers were easier to obtain. It’s important for individuals and businesses alike to understand that these hackers take a fundamentally different approach than their more high-profile Asian counterparts. Most of the hacking schemes coming out of Asia target specific specific institutions and governments, seeking out classified information for political gain, whereas Eastern European hackers take a data-mining approach. Their malware scans millions and millions of websites for potential weaknesses that will allow them to obtain basic user information, IP addresses, and credit card numbers which they then resell to a larger network of cybercriminals. Many users are careless with the information they share online because they think, why would a hacker target me, specifically? The threat lies in the fact that they’re not targeting anyone specifically. They create elaborate software “nets” to capture unprotected information on the web. Thankfully, there are some basic guidelines you can follow to keep your online information safe, and keep yourself invisible when it counts:
Craft thoughtful and effective passwords
Password complexity is a fundamental security measure. Using a combination of letters, numbers—and when possible, punctuation marks—makes passwords less likely to be picked up by data mining malware. For businesses, password policies are a minor, but no-cost solution. Requiring network and employee passwords to be a particular length and /or level of complexity will ensure that all passwords related to your business are at the same security level—software parameters can even be installed to automatically enforce desired password lengths and and standards of variety.
Don’t use the same password for multiple accounts
It can be a hassle to keep track of all of your passwords, especially since every site and online service requires you to register with one, but when you don’t differentiate your passwords, you increase the vulnerability of all of your information. For example, if you use the same password for ten of your online user accounts, your information as a whole is ten times more vulnerable to attack than if you had created a different password for each site. Keep track of passwords by writing them down on paper, secured in a safe place—do not store them anywhere on your computer.
Always update your software and operating system
The most common type of software updates involve bug fixes and security updates. That’s why it is vitally important to regularly check for updates on all of your software, even if it doesn’t seem like it will make a difference in the application’s performance. Many operating systems will automatically notify you of any available updates, but it’s best to check manually every so often. For businesses running on servers that provide publicly accessible services like email, VPN, or personal websites, it’s especially important to set up a regular update schedule for any and all systems in your network.
Invest in intrusion detection + prevention services
Many users won’t even know their information has been compromised until it starts being used. Early detection and prevention of unauthorized activity is the most proactive means of protecting your information and identity. Third party services can systematically block IP addresses from certain geographical areas from your router by checking the location of any new IP addresses that log onto your internet connection. If the connection is found to be suspicious (because there’s really no reason for an IP address in another country to be using your connection) then that address is blocked. This allows you to share your internet connection with friends and visitors, and no one else. There are a variety of software options as well as hardware appliances that can implement these services on any level—whether you’re a private residence, a small business, or a multinational corporation.
Find out more
Contoured Solutions offers an extensive range of anti-virus, anti-malware, and internet security features and services. Contact one of our representatives today to find out how a comprehensive security profile can instill user confidence and take your ecommerce business to the next level. Whether you’re a small business owner, or a simply a savvy internet user, Contoured Solutions can help.