It’s really easy to sit back and think to ourselves that the Ashley Madison hack is going to hurt those who had it coming. I mean after all, they chose to use a service that encourages infidelity, they got what’s coming to them. It’s always easy to take the moral high ground and forget about the ramifications of what this hack might mean to those of us who never touched the service. Regardless of what you think of the users of Ashley Madison on a moral level, what is happening to them is still illegal and goes to prove my point in many other security articles I’ve written, we’ve only seen the tip of the iceberg.
Information security is now going to become the biggest priority for business and government as Ashley Madison continues to reveal herself and her users. Among the data in the dump are thousands of government email addresses and even politicians who were using this service. As the days go by we’ll probably continue to see more prominent names and data being leaked out. The point being made is, this could be any website or service that gets hacked. Netflix, Amazon, Google, Apple all could be vulnerable to attack and imagine how many users they have. We already know Target, Home Depot and other retailers have been hit and more will follow.
The conversation among us seems to revolve around the users of Ashley Madison more than the crime committed against Ashley Madison and its users. Companies need to tighten up the drawstrings on computer security. The time of the hackers is here and if companies and government don’t start taking this more seriously, we’re in for some huge problems in the foreseeable future.
What can you do to protect yourself? While you can’t protect a company’s systems and servers, you can try and minimize the effect on your own accounts. For years security experts have preached strong passwords and that sermon remains the same. Oftentimes we pick something easy to remember for convenience but when your bank accounts are being drained and your identity stolen, you’ll see quickly it wasn’t so convenient.
Pick strong passwords, activate two-factor authentication on your Apple, Google, Dropbox, Twitter, Facebook and other accounts that offer that service (future article coming on how to do this). Try not to store any sensitive data in a cloud service, buy a NAS (network attached storage) drive and store it locally at home with password protection and encryption. Don’t access bank accounts or sensitive accounts via public Wi-Fi (or unsecured networks). Even on an https: connection, there are still ways hackers can manipulate that. Those are just a few ways you can protect your personal files and data at home but that still leaves your shared data with companies at risk.
Keeping your passwords to websites strong will help if a company does happen to get hacked. The hackers will likely start to crack the easier more simple passwords before they get to the more complex ones giving you and the company time to manage the situation. For now though, companies of all shapes and sizes need to invest in better information security to prevent these hacks as best they can. This is an ever evolving technological game and if they’re not staying ahead of the bad guys, we’re all screwed.