Don't Get Punked!

Beauty businesses, too, must safeguard their computers from the hacker underground.
by Joe Dysart

Beauty retailers that are uneasy about the increasing frequency of unsolved hacker cases can take heart: With a bit of planning, it is possible to significantly reduce vulnerability to a computer break-in via the Internet.

So far, it’s been computer breaches at giant corporations, such as VISA, MasterCard and PayPal—perpetrated by a shadowy group of hackers known as “Anonymous”—that have grabbed most of the headlines.
“Anonymous is heroic to many people who are sick of government lies and weary of government intrusion—unwarranted and warrant-less—into the lives of U.S. citizens,” says Sharon D. Nelson, Esq., president of Sensei Enterprises, a computer-security consulting firm.
“They have become very [similar to] The Terminator movies—the Resistance fighting Skynet,” she says. “Many are script kiddies or amateur hackers. But there is a core group of hackers who have extraordinary skills. They present one of the greatest security threats of recent years. And we have not, so far, done a lot to counter their intrusions.”

But while Anonymous’ exploits have been reserved for big game and even bigger headlines, Web security experts say virtually every computer user is seriously at risk of being hacked by someone these days, especially businesses and users who are cruising the Web with little or no protection.

“The Web is an extremely risky area—especially during tough economic times,” says Brian J. Esposito, CEO of AVEYOU beauty boutique. “When desperation levels increase, you also see an increase in crimes across all spectrums. The fact that you have to update your personal virus protection daily is proof enough that hackers are always finding new ways to break into systems. Hackers find a great source of revenue by selling this information to marketing firms—or your own competitors.”

Jordan Blum, president of, agrees. The Web is “significantly more risky for etailers that don’t own their own and manage their own ecommerce platform,” he says. “Oftentimes, website security is penetrated through known holes in third-party applications.”

“Rogue applications, click-jacking, survey scams—all unheard of just a couple of years ago, are now popping up on a daily basis on social networks such as Facebook,” says Graham Cluley, a senior technology consultant at Sophos, a computer-security consulting firm. “Many computer users still don’t realize that they can wind up with something nasty on their machine simply by visiting a website.” Cluley’s firm recently released “Security Threat Report: 2011.” “Over the year, we saw an average of 30,000 new malicious URLs every day—that’s one every two to three seconds. More than 70% of these are legitimate websites that have been hacked. This means that businesses and website owners could inadvertently be infecting their patrons without knowledge.”

The security takeaway? Beauty store businesses of all sizes need to make peace with the fact that hackers won’t be neutralized anytime soon. They also need to accept that their current computer defenses are probably Silly Putty in the hands of the most experienced hackers.
The best way to begin hardening your digital perimeter is to realize that the person or staff responsible for your Web security is the overarching factor in keeping your business safe—not necessarily the security technology he administers and oversees.

“Salon Professional Services—parent company of AVEYOU—uses Microsoft Security Essentials on our office, warehouse and store computers,” says AVEYOU’s Esposito. “We have tried them all through the years and feel this service is the best in the industry right now. We also run daily security checks with SpyBot to check and remove any potential spyware that may have been placed on our computers.

“In addition, we use McAfee SECURE ScanAlert, TRUSTe and Network Solutions SSL Security on our sites,” Esposito says. “Our site is monitored by the second for any irregularities or vulnerabilities. Security is of the utmost importance to our company. Protecting our customer’s sensitive information has been an area of our expertise over the past 10 years, and we are always implementing new features to further expand those protections.”

“Fundamentally, good security really is just good systems administration,” says Ira Winkler, founder of Internet Security Advisors Group, a computer-security consulting firm. “And if you can’t afford or can’t get a good system administrator, I recommend outsourcing that.”

In fact, Winkler says that the smallest of businesses will probably be better served by an outsourced, third-party solution, given that the entire focus of a top-notch network-systems provider is on configuring, maintaining and securing computer systems 24/7.

At a minimum, Nelson recommends a quality firewall that’s properly configured, and Internet security software that guards against viruses, malware and spyware. There should also be security policies in place regarding password length, complexity and the like, Nelson says. And you’ll also need to be sure staff gets the message that your company’s security is serious business.

Be careful with any custom-made software, Nelson adds, since these programs are rarely subjected to the rigorous security testing that popular, established software endures. Content management systems—software designed to enable businesses to easily update their websites—are often custom made. “A custom CMS is usually a bad idea,” Nelson says.

Many people also tend to get lazy about passwords. Surprisingly, one of the most commonly used is “P-A-S-S-W-O-R-D”—a seemingly trivial oversight that has spelled the undoing of countless, otherwise stellar computer-security systems.

Nelson recommends complex alphanumeric passwords of more than 12 characters, which are tough to crack even by password-stealing software specifically designed for the purpose. And she reminds people to use different IDs and passwords at different gateways.
