Secure Your Online Assets

socialengineeringsecuritySocial Engineering is term that’s been around for a decade or more. The term is often used in reference to obtaining online or identity information for nefarious purposes. When considering security of your banking, credit card or even your company’s online assets like domain name or social accounts, there is weakness in the human side. The human side occurs when you call your institution, identify yourself and get them to make changes or give you access.

griftingThieves and criminals are good at talking with these people and getting them to give up your information. As outraged as you might be you are still liable and the recourse used to fix this in the courts or justice system is often unable to help in time to make a difference . Here is a story of an individual that lost a valuable online asset, their Twitter handle. Before you scoff and say that is worthless to you understand two things: the twitter handle can easily be sold for $50,000, this same process can work to accessing your website and you banking information.

I own several domains and use some of them for financial and other social sites (no longer as of today.) I realized that I was risking my entire financial future on a domain name service keeping one bit of information protected. I’ll sum up the particular weakness that this person fell to. Since he used a private domain supported by GoDaddy.com the attacker effectively obtained control of it and used it to control his email address. That opens the flood of password resets and information to get access to a lot of information.

If you have a business ask your IT person what would happen if you lost control of your domain (your URL like www.mycompany.com). Now this is only one of many weaknesses in the chain but my recommendation is that you maintain your company email and URL for communication and outward appearances while all back-office operations be managed from a direct more secure email service.


No Comments

Comments Closed