Learned from Facebook Abuse
Unlike a hacked site that recently stole credit card information from a major retailer, the company in question, Cambridge Analytica, does indeed have the right to use that data learned.
Unfortunately, they learned this information without permission and in ways that clearly mislead Facebook users and Facebook itself.
Facebook CEO Mark Zuckerberg has pledged to make changes to prevent similar misuse of the information in the future, but it looks like many of these changes will be made internally.
Individuals and companies still need to take steps to ensure that their information is as safe and secure as possible.
For individuals, to learned the process of increasing online protection is fairly straightforward. This can range from completely leaving sites like Facebook, to giving up so-called free games and quiz sites, where you are asked to provide access to your information and that of your friends.
A separate approach is to use different accounts. Can be used to access important financial sites. The second and others can be used for social media pages. Using multiple accounts can create a lot more work, but it adds an extra layer of protection against attackers from your key data.
On the other hand, companies need a more comprehensive approach. While almost everyone uses firewalls, access control lists, account encryption, and more to prevent hacking, many companies cannot support the structures that go into the data.
One example is companies that use user accounts with rules to ensure that passwords are changed regularly, but neglect to change the credentials of their infrastructure devices for firewalls, routers, or password switches. In fact, many of them never change.
Those using web data services must also change their passwords. Accessing them requires usernames and passwords or API keys that were generated when the app was created, but again rarely change. A former employee who knew the API security key for the credit card gateway could access the data even if he was no longer employed by the company.
Things could get worse. Many large companies use additional companies to help develop applications. In this scenario, the software is copied to additional servers in the enterprise and can contain the same API key or username/password combination that is used in the production application. Since most of them change infrequently, disgruntled third-party employees now have access to all the information they need to get the data.
You should also take additional measures to prevent data leakage. It includes …
• Identifies all devices involved in public access to corporate data, including firewalls, routers, switches, servers, etc. Develop detailed access control lists (ACLs) for all of these devices. Change the passwords used to these devices again as often as possible, and change them when any member of any ACL on that line leaves the company.
• Defines all passwords for embedded applications that access data. These are passwords that are built into applications that access data. Change this password as often as possible. Change it when someone working on one of these software packages leaves the company.
• When using a third-party company to assist with application development, create separate third-party credentials and change them as often as possible.
• If you are using an API key to access the web service, request a new key when the person involved in the web service leaves the company.
• Anticipate violations learned and develop plans to detect and suppress them. How do companies protect themselves from this? A bit difficult, but not out of reach. Most database systems have auditing built-in, and unfortunately, it is either not used properly or not at all.
For example, if the database has a data table that contains customer or employee data. As an application developer, an application can expect an application to access this data, however, if a special query is made that requests most of this data, a properly configured database audit should at least give a warning that this is happening.
• Using change management to control changes. Change management software needs to be installed to simplify management and tracking. Lock all non-production accounts until the change request is active.
• Don’t rely on internal audits. When the company is launched.
Web Tech Pro provides you tips and tricks about technology. If you like my posts then like and share them with your friends. if you like our post then please share it with your friends and bookmark our Blog for our support. thanks, if you want to learn more then click here below:
You can also like my popular post below link is available