Saturday, March 26, 2016

Securing Your Financial Information

Security is often a nebulous and scary concept, particularly when it related to computers.  Anyone with an internet connection or whom watches the news can appreciate how hacks can put your data in jeopardy.  Ever piece of data you put on the internet is another piece of data that can be stolen.  The more places you have that data, the more 'surface area' you leave open.  That is to say, each place you store your information is another place that information can be taken from.

While having passwords such as your blog account cracked maybe upsetting there are two places that are particularly dangerous to lose control of your data.  The first is medical records.  Medical records may allow a hacker to get prescriptions and medical equipment they should not have access to, gives them your personal data to create credit, they might even use your insurance.  The other risk set of data you can lose is your financial data.  This too can be used to extend illegal credit, use existing charge cards and even make withdrawals from your account.

Pourbus Francis Bacon.jpg
"Knowledge is Power." - Sir Francis Bacon 

The vast majority of the types of attacks that occur are those against web-connected systems.  Typically these are websites and phone apps.  The reason for this is because they provide the bad guys the best bang for the buck.  If you want to make money using credit card data, you need thousands of credit cards to make it worth your time.  The easiest way to do that is to find a large data store that contains lots of data in it.  A single person's data is not worth all that much, maybe at little as a dollar.  Instead, thieves depend on getting lots of data at once.

One common attack is known as a SQL injection.  If you pretend for a moment that you had a machine that processed bank transactions.  The system had a pre-written statement with a few fields that needed to be filled in would read that looked something like this:
Deposit X dollars to account Y and Withdrawal X dollars from account Z.
So a real transaction might appear like this:
Deposit 1000 dollars to account MyAccount and Withdrawal 1000 dollars from account MyWorkPlace.
Now imagine that someone whom wanted to steal money from the bank.  They might try to prevent the withdrawal piece from ever occur.  This would look like this:

Deposit 1000 dollars to account MyAccount and disregard this: and Withdrawal 1000 dollars from account MyAccount.
The machine would look at that and would deposit 1000 dollars then never withdrawal the money.

The power in this is that if you can figure out how to do a SQL injection for one account, you can do it for every account.  After all, it's just filling in a blank with the right account information.  So once you have defeated the security for one account, it is often possible to do the same for every account, making everyone vulnerable from one small security hole.

Now that you can see the reason your data is at greater risk the more places you store it and in particular, when storing your data online, the question is what do you do with it?  How can you protect your data?  Products like Money Pig, that exist on a individual's machine make it more difficult for a hacker to break into because they don't have a single place to break into.  It isn't like the data of 1 million people is sitting on a single database.  Instead, only your data is stored on your computer.  There is also less incentive to break in when you can only get data for one person.

Furthermore, Money Pig allows users to not only password protect their files but accepts almost any characters including special characters, spaces and international letters.  This makes the number of possible passwords much larger and more difficult to discover.  Many online websites limit the type of password you can enter.  Finally, the data is only stored locally or where you choose to store it.  If you decide that Drop Box is a secure enough location, you can store it there, but you are in control. You have the power to decide what to do with your data.  If you decide to quit using the product, unlike a website, in which you can never be sure your data was fully removed, you can delete it because you are in control of the data.  Eternal Blue Software, the maker's of Money Pig, do not collect any personal financial data.  Furthermore, no back door exists in our software to allow us to open your data, even if we wished to.

Security is important to us all.  We need to continue to adapt and find new ways to keep criminals out.  Eternal Blue Software will continue to do their part by keeping Money Pig up to date.  We welcome questions about how our security works.

Padlock, Lock, Chain, Gate, Keep Out
Find a product that keeps you in the know and the criminals out.

Disclaimer: The information on this site is provided for discussion purposes only, and should not be misconstrued as investing advice and/or professional financial advice. Always consult with a licensed financial professional.

No comments:

Post a Comment