DDoS. Port-level attacks. Crimeware. We know hacks are growing across networks and against financial services firms. But what does that mean for you? We talked with Dan Guido, co-founder and CEO of the New York-based Trail of Bits and Hacker in Residence at New York University Polytechnic School of Engineering, who explains how to protect yourself even if you don’t know the first thing about vulnerability analysis.
“Browsing the web, answering email, interacting on social networks, all expose you to potentially malicious activity. You want your valuable data to be as far away from that as possible. The easiest way is to remove what’s meaningful to your business from the environment where it's at risk; use a separate device or computer for social media and email, and another to store business data.
A great thing you can do to protect yourself is trash your old computer and buy a new one. Getting rid of old hardware is the best way to make you most secure. Use the latest versions of OS X and Windows 8, or use an iPad. Those are the most secure devices you can buy. A Chromebook is the same. It’s a tank.
Next? You should never reuse a password. The problem is you don’t know which websites have been hacked or not. If you share a password with a website that's compromised, the hacker has access to other sites that share that password. It’s not whether they can hack into your banking website, but can they hack into the weakest website that shares that password.
Every account you care about should also have two-factor authentication, so when you log on, it sends a text message asking if that’s really you. You text back ‘Yes.’ If someone else is logging in, the site asks for data the hacker won’t have. If you’re using a web service for your business that is storing valuable data, and they don’t support two-factor authentication—you need to ask them why.”