Wednesday, 27 August 2014

Computer Hacking - Things you need to know- How and Prevention

Computer Hacking - Things you need to know- How and Prevention


This blog is about the general network/data security knowledge that everyone working in an office setup with desktops and laptops should know. In an Internet age, with every computer hooked to internet, it has become very easy for any one to gain access and cause havoc. Some awareness of internet security can go a long way in preventing such security breaches.

Damages from Internet/Data security breach and computer hacking:

a) Data theft/Loss:  Lets says your credit card number is stolen, then someone can hack into bank account. If your computer password in stolen, someone can delete or steal data from your computer.

b) Loss of customer trust: If you are working for an organization or running an organization that stores customer data, then any theft or loss of customer data can damage the customer trust, bring law suits, and big financial loss.

c) Data/System availability: If someone hacks into your computing device then the hacker can bring the whole system down, install virus/backdoor programs and make the system unusable.


Common ways data security breeches and computer hacking occur:

a) Installing virus or Trojan programs to steal data by sending the virus programs through emails or making users download it automatically when they visit certain web sites.

b) Social engineering- Using the information available on internet or other sources, hackers can try to call the people impersonating as someone else to gather more information required to steal an organization or personal information.

c) Insider job- Majority of the data security breaches or intrusion happen with help of a person from within the organization. The person working in an organization has access to computing assets that can be used to steal data or whatever malicious purpose.

d) Hackers: These are folks who know to hack into IT networks and try various sophisticated ways to get into an organization data network. They can remotely monitor an organizations or personal network set up and find entry points to get into the network.


Prevention of Internet/Data security breach:

Personal users:
a) Keep all your computer passwords secure and strong. Don't give away your password to anyone. Always set up a password for your computer, phones, and tablets. Keep it strong by  making it hard to predict. Don't use your names as password. Use special characters such as #$% in your passwords and use mix of numbers, upper and lower case letters.

b) If you are working always lock your computer/phone before leaving your desk. Do not leave your phone on the desk. Do not write passwords on sheet of paper or yellow sticky and leave it on your desk.

c) Do not install programs from popups and websites that are fishy and not well known. Don't open email attachments that have executable programs. Always use anti virus and malware detection programs. Microsoft defender and security essential is a free anti virus program.

d) Apply the operating system security patches whenever available and prompted by computers to do so. Create a recovery CD of your operating system and if your computer is infected then do a fresh install of OS by reinstalling it from the recovery CD.


Organizations:
a) Every organizations these days have IT security polices and security devices to protect their organizational IT assets. Every employee should follow those security policies.

b) If you are a start up, then better to get the security software at the earliest and protect your network. Common security devices used by companies are Firewalls, Intrusion detections systems, security auditing programs, virus and malware scanners and detectors,etc. If you cannot affords costly devices, then use the open source programs available. 

c) Use VPN (virtual private networks) to connect to office network. VPNs encrypt data during transmission from outside to inside network. Use VPNs if you are a mobile user and connect frequently to office network. Always encrypt emails and any data sent outside the network.

d) Set proper folder permissions on your network so that users not belonging to your organization cannot access it.

e) If you are having any website, make it secure by hosting it on servers behind firewalls. Firewalls are security programs that blocks connection to certain ports of your server/network.

g) Security audit the computer network to identify programs that are more vulnerable to hacking, and find all the ways to secure your network.

f) Keep back up of data on data centers and have disaster recovery plans.