Security - Lessons learned

Written by Glenn Rieger on Monday, 25 July 2011. Posted in Small Business

Protecting yourself against cyber crime.

Even those of us in the IT industry are still vulnerable to cyber crime. Just today I received a phone call from my bank informing me that "there's been a lot of transactions on your debit card this weekend" and "I assume you didn't buy an Egypt Air ticket from Cairo to..." [wherever]. Needless to say, I wasn't impressed and it prompted me to re-evaluate my own situation and write this article.

So, just how do you protect yourself in this day and age where you're most likely needing to perform some degree of internet based purchasing? In my line of work (running a small IT consultancy) where I supply hardware and software to customers and purchase a lot of niche tools that I use to run my business (largely from US based companies), sometimes I have no choice but to transact business over the internet.

For internet banking, I'm pretty protected as my bank account uses an RSA key in addition to my account number and password to access and transfer funds. Without the RSA key, it's impossible for anyone to access my internet banking account. The clear flaw in all this is that I have a debit card attached to my account and it's the most vulnerable of all forms of internet banking.

The first thing I realised this morning is that I (quite stupidly) had my debit card connected to my main trading account, leaving a large amount of my funds exposed to potential fraud. The very next step I will be taking is to create another account and have the debit card attached to that account instead of the primary account. This way I can transfer only the money needed to cover the transaction into the sub account and reduce the exposure to fraud.

Another way you can limit this type of exposure is to use a service like PayPal. By creating a PayPal account and having it linked to the other account in your business you can protect yourself even further (using the limited funds approach). Make sure that you have a strong password on your PayPal account too.

This brings me to passwords... One of the most important factors in conducting any kind of business on the internet is to use a strong password for every account, and to make sure that each website you register an account with has a unique password. My definition of strong is: don't use words, use mixed case, use letters and numbers, and make it at least 20 characters in length (where possible). There are a number of tools out there that can help manage passwords. My personal favourite is 1Password from AgileBits.com.

1Password runs on Windows, Macs, iPad, iPhone and Android devices. You can configure 1Password so that it remembers all of your website usernames and passwords and stores them (encrypted with 128-bit AES keys) securely on your computer or device, and you can access the database using any modern web browser if you don't have the 1Password app installed locally. You can also store the encrypted data on your Dropbox for easy syncing across platforms (but I would only recommend this if you use a very strong password on your Dropbox account). The best part about using an app like this is that it enters the passwords for you so you don't have to remember them!
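The definition of a strong password given above (no words, mixed case, letters and numbers, at least 20 characters, unique per website) can be checked mechanically. The following is an added example, not part of the original article or of 1Password; the word list, the sample accounts and all function names are constructed for illustration.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 20  # the article's "at least 20 characters"
# Tiny constructed word list (assumption); a real audit would load a dictionary.
COMMON_WORDS = {"password", "welcome", "summer", "dragon", "letmein"}
# Constructed sample data, not real credentials.
SAMPLE_ACCOUNTS = {
    "bank.example": "Summer2011",
    "shop.example": "Summer2011",
    "tools.example": "q7RtZ2mXw9LpB4vKc8Ns",
}

def check_password(password):
    """Return the rules from the article that this password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 20 characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("not mixed case")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if any(word in password.lower() for word in COMMON_WORDS):
        problems.append("contains a dictionary word")
    return problems

def audit_accounts(accounts):
    """Map each site to its problems, including reuse across sites."""
    sites_by_password = defaultdict(list)
    for site, password in accounts.items():
        sites_by_password[password].append(site)
    report = {}
    for site, password in accounts.items():
        problems = check_password(password)
        if len(sites_by_password[password]) > 1:
            problems.append("reused on another site")
        if problems:
            report[site] = problems
    return report

def generate_password(length=MIN_LENGTH):
    """Draw letters and digits from the OS CSPRNG until every rule passes."""
    length = max(length, MIN_LENGTH)  # never go below the article's minimum
    alphabet = string.ascii_letters + string.digits
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate
```

Calling `audit_accounts(SAMPLE_ACCOUNTS)` flags the two sites that share the short, word-based password and leaves the third out of the report.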

So the long and the short of it is...

  • Create a separate account that your debit card is attached to (with low funds)
  • Don't use a credit or debit card on the internet unless you absolutely have to
  • Use an alternate payment method such as PayPal if it's available
  • Use secure, strong passwords on all your online shopping and business accounts
  • Check your accounts regularly

I hope this gives you something to think about and if nothing else raises your awareness of the options available to you. By taking some precautions and being vigilant you may well be able to avoid the fraudsters' reach.

About the Author

Glenn Rieger

Glenn is a director of ContinuIT and an accomplished infrastructure architect. He has held various senior roles in the IT industry in Melbourne and Queensland.

The views expressed in this article are those of the author only. Please read the Terms of Use for this site in relation to the use of content.
