LightBlog

Thursday, January 25, 2018

Five Privacy Tips For Making Mobile Users Safer in 2018

In 2021, cybercriminals will cost the world $6 trillion according to Cybersecurity Ventures.

That's a massive chunk of cash.

Unfortunately, you don't have to wait three more years to experience the detriment of hackers. You can experience it in 2018.

The world will spend $93 billion to add online security and fight against data breaches in the coming year.

But consumers aren't being proactive enough. They're still using the same "1234" passwords. And they still don't know how two-factor authentication works.

That means that it's up to you to provide the primary defense.

And by protecting your customers from cybercriminals, you're also defending your business against a lawsuit, a loss of trustworthiness in the eyes of your customers, and sinking revenue. (So your job won't go bye-bye.)

Here are five privacy tips you should use to protect your users and your business from hackers in 2018.

1. Encrypt Local Storage

Occasionally, you'll want to store user data on each user's device.

It speeds up the login process and makes your life easier. Customers might be able to log in with less difficulty or access the application offline.

But all of that convenience comes at a risk. Namely, that since the data is local to the user's device, it's particularly susceptible to cybercriminals if left unencrypted.

Especially if the users don't take any precautions of their own. Which, by and large, they won't.

Sure. Some savvy customers might use a VPN. But most customers won't, and some international customers can't.

Especially if your market caters to people of all countries. China and Iran, for instance, have completely outlawed the use of VPNs, making it difficult for customers in those countries to adequately protect themselves from hackers.

Not only that, but even those protective measures (like using a VPN) can be insufficient for issues like DNS leaks. Some legit VPN providers have extra safeguards in place. NordVPN, for example, has DNS leak protection. But not all have those extra safeguards.

And most consumers have no idea what a DNS leak is — even those using a VPN who think they're "safe." And, of course, your job is to be there for the customers who either can't protect their privacy or don't know how to.

Since identity thieves alone stole $16 billion from 15.4 million U.S. consumers in 2016, you don't want to give cybercriminals an edge. Because according to those numbers, they don't even need an edge to completely wreak havoc.

Even basic local encryption can place an extra hurdle between cybercriminals and customer session data. It's not foolproof by any means. But it's the first battle in a longer, all-out war.

2. Add Password Requirements

People are notoriously guilty of using the same password for all of their online accounts.

Brace yourself. This next stat will make you sick to your stomach.

Over 80% of adults reuse the same password across multiple accounts. It's as high as 87% with millennials (who're supposed to be 'digital natives').

And here's what's worse:

The five most common passwords of 2014 were "123456," "password," "12345," "12345678," and "qwerty." No joke.

And while that stat is a bit dated, the rise in online tools and technology will require more accounts and passwords per capita, not less. Which means that, if anything, this problem is getting worse.

You're going to have to do a bit of extra work. But fortunately, you can push this one back to your customers' plates first.

You can easily require passwords with longer character counts that contain unique numbers, symbols, and case-sensitive letters to force users to amend their go-to passwords.

Yes, it will be a little less convenient for them. You'll probably experience a spike in password resets.

But it's also one of the easiest ways that you can help them protect themselves from… themselves.
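A minimal sketch of such a requirement check, added here as an illustration and not taken from the original article. The 12-character minimum and the substitution table are assumptions; the denylist is the five passwords quoted above. It also rejects passwords that satisfy the character rules but are only a decorated common password.

```python
import re

# The five most common passwords quoted in the article.
COMMON_PASSWORDS = {"123456", "password", "12345", "12345678", "qwerty"}
MIN_LENGTH = 12  # assumed threshold; the article only says "longer"

# Assumed substitution table: undo typical letter swaps such as "@" for "a".
_SWAPS = str.maketrans({"@": "a", "0": "o", "$": "s", "3": "e"})


def _base_forms(password):
    """Return simplified forms of the password to compare with the denylist."""
    lowered = password.lower()
    # Drop digits/symbols appended only to satisfy the rules ("Qwerty2018!").
    trimmed = re.sub(r"[^a-z]+$", "", lowered)
    return {lowered, trimmed, trimmed.translate(_SWAPS)}


def check_password(password):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"\d", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbol")
    if _base_forms(password) & COMMON_PASSWORDS:
        problems.append("based on a common password")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("123456", "P@ssw0rd2018!", "correct-Horse-7-battery"):
        print(candidate, "->", check_password(candidate) or "accepted")
```

The second sample passes every length and character-class rule and is still rejected, which is the case the character rules alone miss.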

3. Store Data in the Cloud

With local storage, you have direct access to your customer data and complete control over it. This means you can protect it and back it up how you want to, and users can access it whenever they want to.

That's a nice feeling… unless, of course, the cost associated with local storage on external hard drives far outweighs its benefits — which it does.

Not only do you have to create and maintain a local storage system, but you also have to hire people who are fully dedicated to cybersecurity and backup testing. And that's without mentioning the massive cost of buying more storage or the potential risk of an on-site disaster.

In other words, while local storage feels safer, it isn't.

Storing data in the cloud, on the other hand, gives you all the benefits of a local storage system at a fraction of the cost.

The backup data is always off-site. That means that an on-site disaster can't totally cripple your business, the cost of upgrading to a larger data plan is far less expensive, and cloud storage providers can help you troubleshoot any potential problems.

So on top of the storage itself, you're also getting support and expertise.

That ease of use is probably the reason that global annual spending on public cloud services is predicted to grow to $141 billion by 2019. 51% of big and midsize companies plan to increase their cloud investment, and Gartner predicts a no-cloud policy will be as extinct by 2020 as a no-internet policy is today.

Some of you with massive businesses and equally massive budgets will decide to use local storage despite its shortcomings. And that's not a bad thing. Local storage is a great option if you can afford the massive cost.

But for the vast majority of businesses, cloud storage is more affordable, less demanding, more secure for your customers, and more technically helpful for you.

4. End Long Credential Entry Sessions

Every piece of technology is most vulnerable when hacked by untechnical methods.

Phishing, spear phishing, pretexting, and baiting are just a few of the ways that identity thieves try to steal your customers' data.

Unfortunately, most of your customers probably have no idea. Which is why social engineering is so effective at stealing data from all of those unsuspecting customers. For instance, social engineering is now the top technique for "cyber" criminals. It's used in two-thirds of all hacking attempts.

Social engineering appeals to criminals because, well, they don't have to know much about data systems and hard drives to get your customers' information. As Michele Fincher from Social Engineer says,

"Malicious social engineers aren't necessarily very technical people, but they're crafty and clever in the way they think."

Fortunately, you can protect your customers from at least some of these attempts. When a user leaves their phone on their desk and a nearby onlooker steals it, you can save the day. And you can do so by ending long credential entry sessions.

Even iCloud uses this security protocol with its customers.

Once again, it's not foolproof. But it does restrict the number of times someone can con a coworker into accessing your sensitive data without you knowing.

It's one more simple defense against untechnical cybercriminals. One that might occasionally frustrate customers when they have to log in again, but one they'll thank you for when a criminal steals their phone and tries to steal their data… but can't.
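One way to end long sessions, shown as an added example that is not part of the original article. The `Session` record, the function names and both time limits are assumptions. It combines an idle timeout with an absolute lifetime, so a stolen phone that is kept "active" still loses access.

```python
from dataclasses import dataclass

IDLE_TIMEOUT = 15 * 60            # assumed: seconds allowed without activity
ABSOLUTE_TIMEOUT = 12 * 60 * 60   # assumed: maximum age of any session


@dataclass
class Session:
    user: str
    created_at: float   # time of the last full credential entry
    last_seen: float    # time of the last authorized request
    revoked: bool = False


def expiry_reason(session, now):
    """Return why the session must end, or None if it is still valid."""
    if session.revoked:
        return "revoked"
    if now - session.created_at >= ABSOLUTE_TIMEOUT:
        return "absolute timeout"
    if now - session.last_seen >= IDLE_TIMEOUT:
        return "idle timeout"
    return None


def authorize(session, now):
    """Gate one request; run this on the server, not only in the app."""
    reason = expiry_reason(session, now)
    if reason is not None:
        session.revoked = True    # an expired session is never revived
        return False, reason
    session.last_seen = now       # activity resets only the idle timer
    return True, None


if __name__ == "__main__":
    # Constructed timeline: phone left on a desk 20 minutes after last use.
    s = Session("alice", created_at=0.0, last_seen=0.0)
    print(authorize(s, 600.0))    # (True, None)
    print(authorize(s, 1800.0))   # (False, 'idle timeout')
    print(authorize(s, 1801.0))   # (False, 'revoked')
```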

5. Use Two-Factor Authentication

Remember that earlier bit about people using the same password over and over and over again?

The same study found that on average only six passwords guard 24 different online accounts.

Reusing the same go-to passwords does make it a little easier to access accounts. But even a basic variation on an existing one isn't enough to dissuade sophisticated cybercriminals for very long.

In other words, your customers don't understand the danger of reusing simple (and terrible) password combinations across accounts. And they definitely don't understand how that puts your data at risk.

If a cybercriminal gets ahold of one of a customer's passwords through some other online account, there's a decent chance that they also now have access to that customer's account for your business.

In the end, it's no big surprise that two in five people had an online account hacked in 2015.

Two-factor authentication is one way you can protect your customers from cybercriminals trying to access their account. There are two basic times that two-factor authentication is critical.

1. If the user logs in from a new and unrecognized device.

2. If the user's information is particularly sensitive.

Fortunately, large companies have started rolling this out more frequently. Google, for instance, is trying to force user adoption on their biggest platforms.

They're also using this in combination with transit encryption and threat detection. So customers are becoming more used to the extra step (and hassle) to safeguard critical accounts.

It might sound remarkably inconvenient for your customers. After all, what if the user doesn't have their phone on them to receive a text message code?

Well, more often than not, that concern is completely unfounded. People check their phones thousands of times a day. And thanks to good ol' nomophobia (the fear of not having your phone), most people rarely leave their phones behind.

In fact, your customers might actually appreciate that two-step process. Seven in ten people distrust passwords, but 86% of people who use 2FA feel their accounts are more secure.

Of course, 2FA probably won't solve everything. But according to Symantec, it could prevent 80% of security breaches.
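The two cases listed in this section and the text-message code can be sketched as follows. This is an added example, not code from the original article; the function names, the record layout, the 5-minute lifetime and the 3-attempt limit are assumptions, and delivery of the code by SMS is left out.

```python
import hashlib
import hmac
import secrets

CODE_TTL = 300      # assumed: seconds a code stays valid
MAX_ATTEMPTS = 3    # assumed: guesses allowed per issued code


def needs_second_factor(known_devices, device_id, sensitive):
    """The article's two cases: unrecognized device, or sensitive data."""
    return sensitive or device_id not in known_devices


def _digest(code, salt):
    return hashlib.sha256(salt + code.encode()).digest()


def issue_code(now):
    """Return a 6-digit code to send to the user and the record to store."""
    code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.randint
    salt = secrets.token_bytes(16)
    # Only a salted digest is stored, so the code itself is not kept at rest.
    record = {"salt": salt, "digest": _digest(code, salt),
              "expires": now + CODE_TTL, "attempts": 0, "used": False}
    return code, record


def verify_code(record, submitted, now):
    """Accept a code once, before expiry, within the attempt limit."""
    if record["used"] or now >= record["expires"]:
        return False
    if record["attempts"] >= MAX_ATTEMPTS:
        return False              # stops guessing through the 10**6 space
    record["attempts"] += 1
    expected = record["digest"]
    ok = hmac.compare_digest(_digest(submitted, record["salt"]), expected)
    if ok:
        record["used"] = True     # a code cannot be replayed
    return ok


if __name__ == "__main__":
    known = {"phone-1"}           # constructed sample device list
    if needs_second_factor(known, "tablet-9", sensitive=False):
        code, record = issue_code(now=0.0)
        print(verify_code(record, code, now=30.0))   # True
        print(verify_code(record, code, now=31.0))   # False (already used)
```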

Conclusion

Cyber attacks can result in several nightmares for your business.

They can cause damaged trust with users, lawsuits, fines, and ransom payments. Or, on the other hand, they can be an opportunity to prove how much you care about your customers' privacy — more than they even care about their own.

Because the reality is that your users probably aren't going to protect themselves. They don't understand how cybersecurity works, and they definitely don't know how to protect themselves from cybercriminals.

You, on the other hand, do.

And encrypting local storage, adding password requirements, storing data in the cloud, ending long credential entry sessions, and using 2FA will ensure that you're doing everything you can to protect your customers.

This isn't an exhaustive list of cybersecurity strategies. But it is a fast, easy head start. And it's a lot safer than letting your customers take the lead.



from xda-developers http://ift.tt/2Gg5zok
via IFTTT
