Well, it’s that time of year again. The holidays are here and life gets put into fast-forward. We scurry here and there, we call everyone and make plans, and we buy, buy, and buy! The problem is…while we do our scurrying, are we paying attention to what we are buying and how we pay for it?
In a recent CBS News “60 Minutes” report, correspondent Lesley Stahl told about the data heist from TJX Corp., the parent company of retailer T.J. Maxx. The problem, it seems, is that retailers store your account information in their electronic cash registers. In a direct quote from the 60 Minutes website, the reason is explained. "They collected too much personal information. They kept it too long. And finally, they didn't keep it according to appropriate security standards..." says Canadian Privacy Commissioner Jennifer Stoddart, who led the investigation of the TJX theft for the Canadian government and the Province of Alberta, and released her findings before investigations in the U.S. are finished. TJX operates chains in both countries. So just how did this happen?
The tech industry has been tripping over itself for many years to keep up with customer demand both here and overseas. In order to satisfy customers, the product sometimes gets released before it is really ready. In the case of TJX, it’s the wireless network system that turns out to be suspect. "This was a case of penetrating the network from without the stores because it is…a wireless network. You can then capture the wireless transmissions if they're not sufficiently encrypted..." Stoddart says.
When you swipe your credit card, your data is often transmitted through a wireless router either to a bank for approval or to the store's main computer. But the signal carrying your information bleeds easily through the walls. If the person outside your store knows how to get into the computers in question, well, disaster can occur. The simplest way to help insure that your wireless system is protected is by using WEP (Wired Equivalent Privacy) encryption on your wireless router. But WEP is tired and has been around long enough that people who really want to get in can just go to the internet and download software that can bypass WEP encryption. So what is the answer? The best answer is to change the password on your router often. Even though this may seem like a simple answer, it probably about the most effective for home and very small business use. We have this silly habit of using one password to protect all of our internet-connected devices. That’s bad news.
Is there good news? Depends on you!
In all reality, passwords need to be changed frequently, especially on devices attached to the internet like routers. If we truly want to protect our systems, we need to get into this very simple habit.
With that, I want to wish you all Happy Holidays and Happy New Year from the Pasco County campus on the West Coast of Florida!
From Co-Author:
Gary L. Brelsford
Information Technology Program Advocate
Pasco County Campus