As people know in the IT industry, good information security is a combination of good security protocol and judicious practices. The trouble is that so many people are ignorant of basic cyber-security concepts. They aren’t typically dumb on purpose—they just don’t know any better.
The email problem
A friend of mine works at a local outdoor retailer selling large orders to customers that don’t go through the main site. Typically, these large orders are invoiced rather than being paid for right away, which means the client placing the order needs to have a credit card on file so the retailer can charge it in the event that the invoice isn’t paid—a very common practice for vendors like these.
We were sitting on the couch when my friend checked his email from his phone. In the email, one of his clients included his credit card number and expiration date so my friend could keep it on file.
Sending credit card information through an email probably didn’t seem like a big deal to this client. In fact, he was probably just trying to get things done quickly and making sure my friend had what he needed to put the order through. But let’s look at this situation more closely.
It may seem like this email was going safely from one business to another, but when you’re sending sensitive information through email, you’re not always protected the same way you would be through a secure website. This sensitive information landed in my friend’s email box, which can be accessed on his work computer, his phone, or really anywhere with an Internet connection. If my friend happened to leave his phone somewhere, or if it was stolen (both are things that happen every day), anybody could find that info in his inbox. Plus, I know my friend doesn’t use a PIN or password to protect access to his phone, meaning there is nothing between a person and that sensitive information.
Not only that, but can we really be sure the messages sent between this client and my friend were secure to begin with? Email goes through a number of routers, mail servers, and so forth, many of which can be vulnerable gateways that allow criminals to see unencrypted messages, so unencrypted email is never the wisest option for this kind of information.
Of course, my friend isn’t so security ignorant. He usually asks for credit information over the phone, rather than through email. This client was just trying to get a leg up, which is fine in most cases, and there are ways to send these types of messages safely. The Washington Post suggests encrypting your email yourself, which really isn’t terribly tough. In fact, this guide on Lifehacker walks you through how to encrypt your emails, step-by-step, using a variety of email clients.
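The point above about mail passing through several servers can be checked from the recipient's side. As an added example (not from the original article), this Python script reads a message's Received headers and flags any hop that did not record a TLS-protected transfer; the sample message, host names, and addresses are constructed.

```python
import re
from email import message_from_string

# Registered "with" keywords (RFC 3848, RFC 6531) that mean the hop used TLS.
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}
HOP_RE = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\w+)", re.I)

# Constructed sample message (reserved example domains and addresses).
SAMPLE = """\
Received: from mx.retailer.example (mx.retailer.example [203.0.113.10])
\tby mailbox.retailer.example with ESMTPS id abc123
\tfor <sales@retailer.example>; Tue, 01 Jan 2030 10:00:03 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.retailer.example with ESMTP id def456;
\tTue, 01 Jan 2030 10:00:02 +0000
Received: from laptop.client.example (unknown [192.0.2.55])
\tby relay.isp.example with ESMTPSA id ghi789;
\tTue, 01 Jan 2030 10:00:01 +0000
From: client@client.example
To: sales@retailer.example
Subject: Card on file

(body omitted)
"""

def hops(raw):
    """Return (sender, receiver, protocol, used_tls) per hop, oldest first."""
    result = []
    # Each server prepends its own header, so the list is newest-first.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        match = HOP_RE.search(" ".join(value.split()))  # unfold the header
        if match is None:
            result.append((None, None, None, False))  # unparseable: not trusted
            continue
        sender, receiver, proto = match.groups()
        proto = proto.upper()
        result.append((sender, receiver, proto, proto in TLS_KEYWORDS))
    return result

def unencrypted_hops(raw):
    """Hops whose Received header does not record a TLS transfer."""
    return [(s, r) for s, r, _p, tls in hops(raw) if not tls]

if __name__ == "__main__":
    for sender, receiver, proto, tls in hops(SAMPLE):
        print(f"{sender} -> {receiver}: {proto} ({'TLS' if tls else 'no TLS recorded'})")
```

Received headers are written by each server and can be forged upstream, and TLS on every hop still leaves the message readable on each server and in the mailbox, which is why encrypting the message itself is the stronger fix.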
The text problem
My friends and I often owe each other money. A few bucks for dinner here, a beer there, whatever. Most often we just transfer each other money securely online since we all use the same credit union. It’s pretty easy. The problem is that we can’t remember each other’s account numbers, so we need to share that sensitive piece of information every time we need to transfer something between our accounts. Usually this is done orally, though in some cases one of us needs to transfer money to someone who isn’t present. The easiest way to send the info is through text message, but that carries its own risks.
According to a piece in Slate, there are a few ways criminals intercept texts. One way is by cloning your phone, which would involve them getting access to your SIM card to make a copy, and using the clone phone as though it were your phone. Alternatively, there’s firmware that allows another phone to steal your messages over cellular channels, but only assuming your carrier doesn’t use more advanced encryption. Third, and this is for heavy-hitters like those in law enforcement, there are devices designed to intercept texts, but these can cost as much as $1 million, making them a little out-of-reach for the average criminal.
The easy solution is to not send sensitive info over text messages. As we know, it’s easy to trade security for convenience, but security doesn’t always have to be a nuisance. Secure messaging apps can make it simple, and there are a number available, all of which have various features and capabilities. Additionally, there are specially-built smartphones like the Blackphone that are designed with maximum security and privacy in mind and basically encrypt everything. We’ll explore these in a later article.
It’s becoming easier to just not worry about Internet privacy, but as the Washington Post suggests, we really don’t have to be so lax about security. We all have information we’d rather keep private, whether it’s simple communications with friends, or sensitive business information between businesses and clients. Neither you nor your business can stand to share critical information in anything but a secure manner. There are thousands of people who aren’t necessarily after your information specifically; they’re after any information they can get. Most crime is an act of opportunity, and the more you can do to prevent cyber-crime from happening to you, the better off you or your business will be. Keep secure communication methods in mind when thinking about any information sharing.