These days security is not something you “should be doing someday”. Security is something that is critical to your company and needs to be managed every day and updated regularly. If you need a place to start (it is never too late) you can focus on the Top 5 Security Things You Should Do Right Now. Once you have that under control, you can start looking into these 3 security vulnerabilities plus a bonus 4th one.
- Do you have a fax machine? Is it plugged into your network? You know, one of those multi-function machines or a multi-function copier in your office? If you do, then you need to do something different or you could be a victim of a security breach one day. Turns out that fax technology, being so “old” (it has been around for more than 30 years), is not secure at all (not a big surprise). Hackers have figured out a way to dial into your fax machine and from there hop onto your network to gain access to servers and data. It can be done easier than you think. This Wired article FAX MACHINES ARE STILL EVERYWHERE, AND WILDLY INSECURE gives more detail on the situation. I recommend switching to a hosted faxing service. There are plenty of options available and they do not cost much.
- Are you using MFA (Multi-Factor Authentication) for your critical applications? I hope you are, but did you know that using SMS (Text Messaging) for MFA has security risks? Turns out that SMS is pretty easy to spoof or social engineer to get around. The Verge has a good article This is why you shouldn’t use texts for two-factor authentication giving you an example of this. Instead of using SMS you should use an app based MFA like Google Authenticator.
- It is not a secret that you should have good passwords. They should be complex and include upper case, lower case, numbers, and other special characters. I recently found out from a security firm hacker that longer really is better. I always held the standard that at least 8 characters and complex is fine. Turns out, it’s not long enough. The hacker was saying that a system can break an 8 character complex password eventually, but doing a 15 character complex password makes the effort to break it geometrically harder and closer to impossible.
- Bonus! Have you ever used a public USB charging station to make sure your phone does not die? I’m sure you’ve seen them, like the ones at the airport, train station, or Starbucks? They are super convenient and easy to use by just plugging in your USB cable for a quick charge. Well, you might want to think twice about doing this in the future. Turns out that some old telecom commands could still be running on your phone and be used to hack into your device. Wired has a good article EXPLOITING DECADES-OLD TELEPHONE TECH TO BREAK INTO ANDROID DEVICES on this topic. The easy work around is to use your own charger and plug it into a wall outlet.
When it comes to security you can always do better. The goal is to find the things that do not take a lot of time or money and focus on those first. Most of the security breaches are caused by pretty basic things not being done (like Windows updates). Now that you know, go and do better!