Security advice from an ‘ethical hacker’

Sometimes it pays to trust a hacker—at least one who has dedicated his career to uncovering potential vulnerabilities living below the surface in credit union information systems.

David Anderson of CliftonLarsonAllen is just such an “ethical hacker,” and he gave CUNA Tech/OpSS Council Conference attendees a peek behind the curtain of today’s latest cybercrime techniques.

Anderson uses leading-edge hacking and testing methods, including network penetration, social engineering, and email phishing to expose potential areas of weakness in his clients’ networks.

Anderson says the No. 1 oversight “that makes a hacker’s life easy” is providing users with local administrative privileges. This action may enable hackers to locate the one system or application that has a vulnerable entry point, and it increases the range of possibilities of what the hacker can accomplish within the system.

Other practices that may expose sensitive data to hacker activity include not giving domain administrators separate user accounts, poor patching, weak encryption practices, and the widespread use of vendor systems and equipment.