Lessons from: (Reuters) – The hacking of Sony Corp’s PlayStation Network has earned a place in the annals of Internet crime

By Pamela Gleeson ( April 29, 2011 at 5:37 am) · Filed under Security

A man walks on a floor advertisement for Sony Corp's PlayStation 3 game console at an electronic store in Tokyo April 27, 2011. REUTERS/Yuriko Nakao

Internet crime is on the rise and companies where you do business are reluctant to talk about it. There is a code of silence because victims want to avoid embarrassment, public scrutiny and falling stock prices. However, it’s hard to hide when this effects 77 million people worldwide.

Be aware. The Reuters article on this topic mentions that a study done by MacAfee showed that the networks of 85% of some 200 power producing companies had been hacked and 1 out of 4 of those were victims of extortion. The 28 page PDF report In the Dark, Crucial Industries Confront Cyberattacks is available here. They are recommending that these industries move beyond passwords to tokens and biometrics indicators, use of network encryption and monitoring for anomalies, increased oversight of how the network is accessed, and effective partnerships with government. What should you do? Most of our clients and readers are not large corporations, however, there are lessons to be learned. One of the first things you should know is the biggest threat to security on the Internet today is insecure passwords. You must use strong passwords, and everyone on your network needs to do the same. To learn how review this security post on simple steps to security and creating strong passwords.

The next thing is to have a secure network. You should hire competent network security specialists to do this work. Contact us if you need advice on this. Equally important, install all security updates on your computer for your operating system and software applications.

Do not install all the latest widgets for your blog or cool apps without investigating their security risks. If you do not know how to do that, we can provide that service. I was recently advised by a reputable social media expert to use a widget for my blog. Of course, I asked my resident security expert, Gerard Gleeson. He said definitely not. Within the month, that very popular blog was down for a good part of the day.

Be aware of the new “spear phishing” threat. This threat targets small groups of people who have something in common and have a higher likelihood of clicking on the link because the perpetrators use enough personal information to make you think they are legitimate and asks you to click on a secure link to a site that looks like one of your banks or other vendors and enter personal information. Meanwhile they are downloading malware to your computer.

Here’s an excerpt from the full FBI article on spear phishing:

Keep in mind that most companies, banks, agencies, etc., don’t request personal information via e-mail. If in doubt, give them a call (but don’t use the phone number contained in the e-mail—that’s usually phony as well).

Use a phishing filter…many of the latest web browsers have them built in or offer them as plug-ins.

Never follow a link to a secure site from an e-mail—always enter the URL manually.

Don’t be fooled (especially today) by the latest scams. Visit the Internet Crime Complaint Center (IC3) and “LooksTooGoodToBeTrue” websites for tips and information.

Please add your comments and questions to this blog post and share it with your friends, family and colleagues.

Share or Bookmark: