Search Insecurity

Posted on
Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

Searching for answers online has become the modern-day equivalent of using the phone book: It’s a routine activity that most of us do with little conscious thought. You type a keyword into a search engine, hit “Enter” and go to town.

After reading a report recently published by McAfee Inc., I suspect we may want to rethink the little-conscious-thought part. It turns out that searching for the wrong things can get us into trouble. Lots of it.

Example: You’re sitting in the office waiting for the phone to ring. It’s been a busy week and you’re tired. Thinking a new screen saver might perk up your mood, you pop online and search for one. You click on a few links until you find a theme — let’s say kittens, because everyone loves kittens — and download the file.

Welcome to the danger zone. Hackers, knowing full well that “screen saver” is a hugely popular search term because they actively track these sorts of trends, have been setting up sites that not only serve up that delightful kitty-themed screen saver, but also a surreptitious script that executes during setup and sends your personal and corporate data back to the criminal mother ship.

Accordingly to McAfee, the term “screen saver” is the likeliest of the 2,600 terms studied to expose the searcher to some sort of online risk. Other risky terms include “free games,” “work from home,” “Webkinz,” “free music downloads” and “touch my body lyrics.” No, I didn’t make that last one up, and no, I can’t believe someone would use an office computer to search for something that questionable. Some people still don’t get it.

This is problematic on a number of levels. Criminals focus their efforts on the things we do most often. And as online searching becomes increasingly integral to our lives, we can expect these cretins to zero in on what we search for to efficiently trap us in their ill-intended web. We lock our doors at night because we know burglars lurk in the darkness: We should adopt a similar way of thinking when we go online, and assume someone’s watching and waiting for the right moment to pounce.

If you’re an individual, there isn’t a whole lot you can do to shut the criminals down. But you can very easily side step their luring efforts by keeping your eyes open and reading search results more carefully. There is no free lunch in real life. Nor is there one on the Internet — and following a link to a strange site is the online equivalent of walking down a deserted alley at night. Alone.

While we’re discussing it, you might also want to limit the amount of personal searching you do on company time. Does your boss really need to know that you’ve been researching Webkinz characters for your daughter’s upcoming birthday? Didn’t think so. Save it for home. And even then, watch what pops up after you click “Search.”

In a company, education and policy can go a long way to minimize exposure. Most end users, when confronted with news that they’ve engaged in risky behavior, are extremely cooperative. Many of them are unaware they’re doing anything wrong in the first place. For this I assign full blame to IT and business leaders who assume end users automatically know how to conduct themselves in a secure and appropriate manner when using corporate computing resources online. But nothing should ever be assumed, as users can’t be expected to know what current security best practices are. The accountability for opening everyone’s eyes — both to this specific search-related risk as well as any other — lies within organizational and IT leadership.

Those leaders can reinforce the right behaviors by implementing acceptable use policies that speak specifically to appropriate and inappropriate uses of search-related services. The more detailed they are, the less opportunity there is for misinterpretation. Leaders who walk the walk and keep the issue of search-related safety visible during day-to-day interaction with workers will maximize buy-in and keep these initiatives from gathering dust.

I guess it’s only a matter of time before everything we do online comes with a giant asterisk attached to it. Even activities once thought safe are now clearly in hackers’ crosshairs. If your job requires you to touch a keyboard in any way, you owe it to yourself to get up to speed on the risks you run by searching for the wrong things.

And while you’re at it, stick with the generic screen saver that shipped with your operating system. Let someone else get burned by the kitties.

Carmi Levy is a technology journalist and analyst with experience launching help desks and managing projects for major financial services institutions. He offers consulting advice on enterprise infrastructure, mobility and emerging social media. He can be reached at editor (at) certmag (dot) com.

Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone


Posted in Tech Know|