Safe on Social Media? Don’t Bank on It

Often when we hear of “hacking”, or more correctly “cyber hacking”, we hear about how personally identifiable information or secure information has been compromised. This can take the form of files, images and photos, information that confirms our identity and more.

And while a great deal of attention is spent on securing digital systems, one of the most common forms of cyber hacking is “social engineering”. This is where small amounts of personal information are taken from your online profiles and then used to broker more detailed information about you. For example, checking in to a hotel via social media can yield surprisingly useful information that can be used to gain more worrying data, such as your date of birth or address.

How does this work? This interview / experiment from CNN will raise your eyebrows.

Wordfence Launches Cyber Attack Activity Report

No matter whether you run a personal blog or a professional website, you will at some stage find yourself the victim of a cyber attack. These cyber attacks, often referred to incorrectly in the mainstream media as “hacking”, can take a variety of forms, including:
  • DDoS – distributed denial of service attacks engage networks of computers to bombard your server with requests
  • Brute force attacks – where the attacker attempts to guess your login details usually using an automated system that can send hundreds if not thousands of requests very quickly
  • Malware / spyware – where a piece of malicious code is inserted into your system which allows another person (or a program) to take over your computer
  • Ransomware – where a small program activates on your computer, encrypting all your data requiring the payment of ransom before you are sent a key to unlock your own machine.

Despite the relative openness and transparency on the web, few people or firms openly talk about cyber attacks. This means it is difficult to gauge just how widespread these cyber attacks actually are and whether we should be personally or professionally concerned about this phenomenon.

Now the creators of the WordPress firewall plugin Wordfence have begun producing a regular monthly report on cyber attacks. This report collates attack information based on the plugin’s install base (WordPress powered websites and blogs all around the world). And while this is just a subset of the websites and platforms that live on the internet, it provides a great insight into cyber attacks, including:

  • The IP address from which the attack originated
  • Country of origination
  • Number of attacks launched
  • Types of attacks.

This first report reveals that 13 out of the top 25 IP addresses originate in the Ukraine. France comes in second with 7. As the report explains:

Most of these originate from Iliad Enterprises. Iliad is a large organization with many subsidiaries and over 4000 employees. They tried to buy T-Mobile in the USA 2 years ago. The netblock for these IPs is registered to Iliad, but the attacks may originate from one of many subsidiaries of Iliad, like the ISP ‘Free’ in France.

So, how many attacks are we seeing? The report states that there were:
  • 63 million complex attacks – attempts to exploit weaknesses in your website code, plugins or database
  • 67 million brute force attacks – attempts to guess your passwords and user IDs.

What can you do about your WordPress / web security?

One of the biggest holes in your website / WordPress security will be unapplied patches. Make sure you are:
  • Regularly patching your site – updating it with the latest changes
  • Regularly updating your plugins – turn off the plugins and functionality that you don’t use, and update the ones you do.

There are also some basic security approaches that you should implement, including:
  • Complex user passwords – require that your users all have complex passwords that consist of upper and lower case characters, numbers and symbols and have a substantial length (more than 8 characters)
  • Put in place a mechanism that blocks users after a small number of unsuccessful login attempts
  • Add a web firewall to monitor and protect your code from unauthorised updates.
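
The lockout recommendation above, sketched as an added example (not code from this post or from Wordfence): it reads web server access-log lines, counts failed WordPress logins per IP address inside a sliding time window, and returns the addresses that should be blocked. The log lines are constructed, and the thresholds, function names and the rule that a 200 response to a login POST means failure are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Start of an Apache/Nginx "combined" line: ip, [time], "METHOD path ...", status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def failed_logins(log_text):
    """Yield (ip, time) for every failed WordPress login in the log text.
    Assumption: a POST to /wp-login.php answered with 200 is a failure (the
    form is shown again); a successful login is answered with a 302 redirect.
    """
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and m[3] == "POST" and m[4].split("?")[0] == "/wp-login.php" and m[5] == "200":
            yield m[1], datetime.strptime(m[2], "%d/%b/%Y:%H:%M:%S %z")

def addresses_to_block(log_text, max_failures=5, window=timedelta(minutes=10)):
    """Return {ip: time of the failure that reached max_failures inside window}.
    Each address's lines are assumed to be in time order, as in a real log.
    """
    recent, blocked = defaultdict(deque), {}
    for ip, when in failed_logins(log_text):
        if ip in blocked:
            continue
        attempts = recent[ip]
        attempts.append(when)
        while when - attempts[0] > window:   # forget failures outside the window
            attempts.popleft()
        if len(attempts) >= max_failures:
            blocked[ip] = when
    return blocked

def sample_line(ip, minute, second, method="POST", status=200):
    return (f'{ip} - - [01/Mar/2016:10:{minute:02d}:{second:02d} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 3120')

# Constructed sample traffic using documentation IP ranges, not real attackers.
SAMPLE_LOG = "\n".join(
    [sample_line("203.0.113.7", 0, s) for s in range(0, 12, 2)]      # 6 rapid failures
    + [sample_line("198.51.100.20", 1, 0), sample_line("198.51.100.20", 1, 30),
       sample_line("198.51.100.20", 2, 0, status=302)]               # 2 typos, then success
    + [sample_line("192.0.2.55", m, 0) for m in range(0, 60, 12)]    # slow: 12 min apart
    + [sample_line("192.0.2.99", 5, 0, method="GET")]                # only viewed the form
)

if __name__ == "__main__":
    for ip, when in addresses_to_block(SAMPLE_LOG).items():
        print(f"block {ip}: failure number 5 at {when:%H:%M:%S}")
```

Only the address with rapid repeated failures is flagged; the user who mistyped twice and the slow, widely spaced attempts stay under the threshold, which is why the window length and failure count need tuning for your own site.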

Why should you care?

Even if you are running a small business, cyber security is an issue for you and your brand. Sites that are affected by malware, for example, will find themselves blacklisted by Google. That means that every time someone searches for your business or tries to visit your webpage, Google will step in and ask them whether they want to proceed to an “insecure” website. And then, of course, there are other issues – from loss of files, customer data and more.

Quite simply, these days, brands cannot afford to be lax. The good thing is that there are a growing number of integrated solutions and plugins for most platforms. Take the time to secure your site and hopefully you won’t have to make the time to clean up a problem down the track.

When the App is Free, You are the Product. Swipe Buster Brings a New Level of Reality

How often do we blithely click “ACCEPT” on the terms and conditions of a new website or app, hungry to explore the digital domain before us? How often do we happily hand over personal information without a second thought?

In the world of social media, it is claimed that we have come to a grudging acceptance that the utility of platforms like Facebook or Twitter far outweighs the cost to our privacy. But is this true? Is it simply the case that we have not yet experienced the full impact of our decisions? Sure we have advertising. Targeting. Remarketing. Automation and nurturing. And more.

But what happens when our private information is available for a fee? To any buyer?

A new app, Swipe Buster, now lets you find out if someone is using the dating app Tinder. You could, for example, enter your partner’s details – and for $5 tap the Tinder API to reveal the answer. Of course, you could also use Swipe Buster for more mischievous purposes.

In this world of ever increasing transparency, privacy and cyber security are becoming hotter and hotter topics. I have said previously that cyber security is now part of your brand – but it goes further than this. HOW you choose to commercialise “your” data can radically impact the lives of your customers.

There is no doubt that “we” are the product being sold across an infinite web of social connections. In aggregate this may not worry us too much. But as more of these kinds of platforms emerge, seeking to monetise the vast data in storage, we may well regret our decision to accept those terms and conditions.

And those businesses that have built their valuations on public trust may find themselves suddenly friendless.

Hack the Hacker: Using Analytics to Respond to Cyber Security Threats

When your computer network, PC or laptop is compromised you know you are in for a world of pain. Not only do you face significant down time, there are additional problems:

  • Identity theft – have stored passwords been harvested and shared via dark nets like 4chan?
  • Credit card fraud – have your credit card details been sold in a bulk lot online?
  • Business data – have you exposed your company or employer to reputational and other damage?
  • Digital reputation – has the breach caused Google to take your site or platform down?

The problem is the scale of the challenge. In 2014 there were:

  • Over 42 million cyber attacks worldwide
  • Representing a 50% increase year-on-year

The thing is, 100% – that is, all – of cyber attacks used valid credentials. Which means you need to be thinking proactively about your cyber security. It’s too late once the attack has started.

This infographic from Sumo Logic sets out facts and figures that will make your eyes water. But what is clear is that cyber security is no longer just the responsibility of the CIO. It’s now an important part of your brand.

Cyber Security is Now an Important Part of Your Brand

In workshops, presentations and executive briefings, I continue to push one clear message. Experience is the Currency of Your Brand. This new consumerverse that we have found ourselves in goes beyond the simple notion of being “customer centric” – to the heart of what it means to be invited into the lives of our customers. For no matter whether we are engaging prospects in a buyer’s journey and nurturing their engagement through to a purchase, or we are working with a community of passionate brand advocates (and yes, they do exist), it’s important to remember that the brand – our brand – never really sits at the centre of our customer’s lives. They sit at the centre of ours.

Increasingly, the experience of engaging with a brand occurs online. When you map out a customer or buyer’s journey, it soon becomes clear that the majority of brand touchpoints are digital. It could be a banner or Facebook ad that kicks off the process for a buyer. It could be an Instagram photo or associated hashtag. It is estimated that around 60% (or more) of the purchase decision is made before customers engage a brand – so that is a significant percentage of non-owned brand experience that is taking place.

Moving your customer from unknown to known

One of the simplest ways of moving your potential customer from unknown to known, is for them to share some information with you. It could be their name, an email address or a Twitter handle. They may leave a comment via Facebook or Instagram. Or they may even call your call centre. But as soon as they do, it means you have an opportunity to engage them more directly. It’s a great opportunity for personalisation or targeted content/engagement.

BUT there are also risks.

Cyber security is about brand trust

When storing customers’ details, you have a duty to do so securely. Not just because of privacy policies or even local laws. Your duty is to protect the TRUST that has been bestowed upon you. And we will hear more about this through 2016. As I write, books are being printed on the subject of “trust” by thought leaders, analysts and marketers around the world. It’s a hot topic because it has a direct impact on our ability to deliver our brand promise. This flows on to brand reputation and even market capitalisation.

Trust is also a hot topic because we are now seeing far more sophisticated digital attacks that are difficult to detect and fix. Take, for example, the strain of malware that impacted the Melbourne Health computer networks in early January 2016. Malware is a type of malicious software that is used to gain access to computer networks to gather information, show unwanted information/advertising and to generally disrupt computer operation. In more extreme examples, we are seeing a type of malware called ransomware encrypting whole networks and hard drives and demanding a ransom to unlock the system.

As IT News reported:

The malware downed the hospital’s pathology systems and forced staff into manual workarounds.

It made its way into the health department through an unnamed zero-day exploit in Windows XP computers, past the agency’s full enterprise antivirus suite.

The malware behind the Melbourne Health attack has been programmed to “self mutate”, which means that it is constantly changing its own internal software structure, writing and re-writing itself as a way of escaping detection. Three weeks after the infestation, it seems that the Melbourne Health IT Team is starting to come to grips with the challenge.

But ask yourself – could your business cope with three weeks of business disruption? How would your new “autonomous vehicle” product team deal with the kind of challenge that Fiat Chrysler encountered last year? Would your new “internet of things” startup cope with a security breach due to something like the Heartbleed bug?

Perhaps the greatest lesson we can learn from the Ashley Madison hack is about the importance of trust and fidelity. To paraphrase Ashley Madison’s tag line – “Customer attention is short. Have good security”.