Protect yourself from 'friendly' hackers

28 January 2005

Unauthorised access to your computer systems, known as hacking, involves someone breaking into your IT system without consent - and the threat can come from inside or outside your business.

While most people wisely focus on firewalls and intrusion detection systems, a far more dangerous avenue has opened up to hackers. Rather than spending time and effort trying to crack their way into your system, in most cases it is far easier to trick innocent users into giving up their passwords by simply phoning them up.

Password protection?

One of the major opportunities for hackers is that most people have a lot more passwords to remember than they used to. With so many passwords to remember, it isn't uncommon for people to use the same password in more than one location. A person might, for instance, use the same password at work as they use to log on to the Internet at home.

There have been numerous cases in which hackers have set up websites advertising a fake competition. They then require anyone registering for the competition to give a username and password for future access to the site. Soon a database of thousands of usernames and passwords is compiled. A 'robot' program then attempts to log on to many websites using the various usernames and passwords.

The hacker uses the information from these sites to get more information. For example, if a hacker can get into a person's webmail account, he or she could work out where the person works and then try to break into that company's computers using the same or a similar username and password combination.

The only real defence against this type of hacking is to use passwords that combine letters and numbers - and to try to use a different password for each computer or application.

The Computer Misuse Act makes it an offence to gain unauthorised access to a computer, even if no damage is done and no files are tampered with. Anyone who accesses a computer without authorisation faces a maximum six-month prison sentence, or a maximum fine of £2,000, or both. While this is a deterrent, you should make sure you're aware of the risks of using the same password twice.

Remember - anyone who needs to know your passwords should already know them. Never distribute your passwords to anyone.
