Over the last couple of days, we have seen an immense amount of information sharing in a very short period of time: quite personal information, shared in a permanent and public fashion. It is information that endangers multi-billion corporations, government agencies and personal fortunes. With this information in hand, malicious actors have an opportunity to gain access to some of the most sensitive systems people own: bank accounts, ERPs, CRM systems, intellectual property, and much more.
What happened? Was some multi-factor authentication provider hacked? Did an APT gain access to some secret US intelligence system?
No, much more prosaic than that, actually. I was chatting with my colleague, Tracey, and she reminded me that Saturday, April 10 was National Sibling’s Day and Sunday, April 11 was National Pet’s Day. And guess what people did? They shared names, birthdates, pictures, and nicknames of their siblings and their pets all over social media: on LinkedIn, Facebook, Instagram, Twitter, and all the rest.
Many of these same people are using this information to construct passwords or to construct security questions and answers for system access and password resets.
Not only is all of this information now fairly easily obtained with a little bit of automation, but even worse, it is available to the people who know you best. Why is that bad? Data shows that most crime is committed by and against people who know each other. Just the other day, I was working to help a man regain control of some of the accounts he used for his business. Someone in his family had taken control of them by guessing his password correctly, and he didn’t have any sort of second-factor authentication established. Now he was trying to move faster than the other person to regain control of his online accounts and safeguard his business from a massive theft.
Moral of the story? Sharing personal information that you also use to construct your online security is a horrible idea. Yet many of us do it every single day.
While Milton Security can’t help with everything, we can help with an assessment of your company’s security practices, including policies and practices related to password management. Click here if you want to find out more.