How dangerous can Pineapples be?
Somewhere out there is a greengrocer with a nasty tale to tell involving tropical fruit and unusual injury – but I’m talking about a different kind of Pineapple here.
The risk to your business’s data and technology used to stem from the more physical likelihood of leaving your laptop on a train. Now we confidently use multiple devices in many locations. But there is still one major component we rely upon to access our data – the password.
No matter how many security products you have installed or how enterprise-level your security processes are, if anyone with malicious intent can gain your password it makes it much easier for them to access your personal or business accounts and data. We’re often reminded to use different passwords for different web logins but let’s be honest, some people will only have one and many people have a small bank of passwords they’ll reuse. If they can gain just one password to access your email account the snowball can grow quickly - they then have access to request password changes on multiple other accounts.
There are a few ways of getting close to this information. Social engineering – where a hacker will search your profile on various websites to gain information about you – has been popular in recent times. But, with a small investment and a basic level of skill there are even quicker and easier ways. Including the Pineapple.
A Pineapple can look a little like a walkie talkie – it’s inconspicuous, battery powered, can live in a bag or a pocket and costs very little. Under $100. And it’s available easily on the web complete or simply built from a few electronic parts.
All our wireless devices – iPhones, BlackBerrys, tablets and laptops – broadcast info without us really knowing about it. For our own convenience we set our phones to trust networks that we know at home or office. The Pineapple can “spoof” this trusted network and allows your device to auto-connect (even if you’ve told it not to!) then allows you to access the web normally.
And that’s where the hack comes. Perhaps whilst you take advantage of an open network at a coffee shop or airport lounge you choose to visit your webmail or other account, enter the strong password with uppercase letters, numbers and special characters you created... and the hacker sees the site you visit as well as the username and password you enter through a simple piece of software.
Anyone running a business today will be aware of how much they rely on the internet, not just for convenience but for the basic running of a business. Losing access to your Twitter feed and all the connections you’ve built up on LinkedIn might be more than inconvenient. Losing access to your business bank account or payroll system might be disastrous.
So what can you do to mitigate this risk? Well unfortunately it’s pretty difficult and it really comes down to a trade-off between security and convenience. One of the simplest and most convenient ways to protect yourself is to set up two-stage verification on every account that allows it (this includes Twitter, Googlemail etc). By forcing the site to send a text message to your phone, it means that even if your password is compromised it can’t be reset just with a simple email reset request. Although this won’t stop you getting hacked in the first instance it might prevent an inconvenience turning into a catastrophe.
Cyber Insurance policies are available which cover different risks but there may or may not be one that suits your business or budget. Alternatively there are a few ways you can try to avoid pineapples altogether:
- Avoid open Wi-Fi networks – if it’s WPA encrypted you’ll be safer so only access networks where you have to enter a password. Although if everyone in the coffee shop is using the same shared key that doesn’t really help matters!
- Turn off Wi-Fi altogether – at least when you’re away from your own networks. Using 3G/4G means you’re connecting more safely. Alternatively use an Ethernet cable to a laptop if it’s available.
- Use a VPN - a bit more enterprise level. If your business has this set up you’ll likely be serious about your systems. The important thing is always to use it.
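
To see which of your own saved networks a spoofed access point could stand in for, you can audit the Wi-Fi profiles a laptop remembers. The script below is an added example, not part of the original article. It assumes a Linux laptop that stores its profiles in NetworkManager's keyfile format with the current `wifi` / `wifi-security` section names, and it runs on constructed sample profiles so it works offline.

```python
import configparser

# Constructed sample profiles (NetworkManager keyfile format), not taken from the article.
SAMPLE_PROFILES = {
    "coffee.nmconnection": "[connection]\nid=coffee\ntype=wifi\n[wifi]\nssid=CoffeeShop-Free\n",
    "lounge.nmconnection": "[connection]\nid=lounge\ntype=wifi\nautoconnect=false\n"
                           "[wifi]\nssid=Airport_Lounge\n",
    "home.nmconnection": "[connection]\nid=home\ntype=wifi\n[wifi]\nssid=HomeNet\n"
                         "[wifi-security]\nkey-mgmt=wpa-psk\n",
    "wired.nmconnection": "[connection]\nid=wired\ntype=ethernet\n",
}

def classify(text):
    """Return (ssid, verdict) for one profile, or None if it is not a Wi-Fi profile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") != "wifi":
        return None
    ssid = cp.get("wifi", "ssid", fallback="<unknown>")
    # A profile without a [wifi-security] section is an open network: nothing
    # proves the access point's identity, so any device announcing the same
    # name is accepted.
    is_open = not cp.has_section("wifi-security")
    # NetworkManager auto-connects unless the profile says autoconnect=false.
    auto = cp.get("connection", "autoconnect", fallback="true").strip().lower() != "false"
    if is_open and auto:
        return ssid, "HIGH: open network that is joined automatically"
    if is_open:
        return ssid, "MEDIUM: open network, joined only on request"
    return ssid, "OK: encrypted, key required"

def audit(profiles):
    """Map profile name -> (ssid, verdict) for every Wi-Fi profile."""
    results = {}
    for name, text in profiles.items():
        verdict = classify(text)
        if verdict is not None:
            results[name] = verdict
    return results

if __name__ == "__main__":
    for name, (ssid, verdict) in sorted(audit(SAMPLE_PROFILES).items()):
        print(f"{ssid:<18} {verdict}")
```

Profiles flagged HIGH are the ones to delete or switch to manual connection first.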