Here are my five things we discovered in the last 12 months.
- Big brands being hacked grabs headlines – but the story can start with a small business.
The hack and release of personal data from the adult dating site Ashley Madison probably got the most media attention of all the security breaches in 2015, but it was far from the only one. The list of familiar brands and organizations that suffered confidential data breaches ranged from VTech the children’s toy manufacturer, to the US Internal Revenue Service, to the UK’s phone and broadband internet provider, Talk Talk. There was even a “live demo” of a Chrysler-Jeep being hacked on the highway. How do hackers get in? A common tactic is via employees innocently clicking bogus links in emails or bringing malware-infected personal devices into the workplace. Crucially, hackers can find their way into big brands via small company suppliers where security may be weaker. The message is simple: all businesses need to ensure their online defences are as strong as possible.
- New payment methods: faster transactions but new threats
2015 was the year that new payment methods really seemed to take off. On the one hand, “contactless” bank cards allowed consumers to make payments by tapping a card against a terminal without having to swipe and enter a PIN. But this use of RFID technology also gives cybercriminals a new opportunity to steal data – if they can get close enough.Likewise, smartphone payments – such as Apple Pay and Android Pay – are turning phones into wallets. That means thinking about your phone’s physical and cyber security. So is your business taking every possible step to keep its data – and customers’ data – as safe as possible in this new world of faster and mobile payments?
- Bring your own device can allow hackers through the office door
How many of your employees bring their own mobile devices to work and use them to check and send work-related emails, access spreadsheets or other company data? So don’t forget to protect mobile devices in business, they are as vulnerable as desktop devices and carry business critical data. Two mobile hacks in 2015 reminded us all of how vulnerable smartphones can be: the MMS messages with a hidden sting, and the Stagefright 2.0 vulnerabilities in the Android operating system.
- Don’t think your Mac device is a safe bet!
Part of the Apple myth is that its devices are always malware free; indeed, remember those old “I’m a Mac, I’m a PC” ads from the late 90s with the actor representing the PC catching a terrible cold versus the healthy young Mac? That myth was truly tested in 2015 when fake developer tools that were used to create iOS apps containing malicious code known as “XcodeGhost” made their way onto the Apple App Store. The moral of the story? If you’re using Apple tech, make sure you’re taking security seriously … you can still catch a cold.
- We’re only human!
An error this year by an individual at the UK holiday firm Thomson was a timely reminder that however tight your online security, human beings make mistakes. Data about the name, home address, telephone number and flight information of 458 people were attached in error to an email. The simple lesson? Everyone should take a moment to think twice before attaching documents to an email and hitting send. Just ask the question: what I am sending and should this be shared in this way?
So there we are: five lessons from the outgoing year to remind us of the critical need to keep business security top of mind.
For more tips, insights and product information to keep your business protected, check out our web site at http://www.avg.com/internet-security-business. We look forward to helping keep you and your business safe as we head into the 2016!
January 11, 2016