
Job Board Security

Posted by admin on December 07, 2007

Well, it’s been a busy few weeks for data security issues - there’s the ‘lost’ Inland Revenue and child benefit data disks, and closer to home there is the continuing fallout from the Monster.com data theft. The loss of disks containing sensitive data is a pretty simple one to understand and protect against - encryption and secure courier services, anyone? - but what happened at Monster is much more of a concern, as parts of the attack strategy could be applied to any web user. What causes concern is not that Monster had particularly terrible security - it’s that the group who engineered the attack did so in a targeted, effective and comprehensive manner that exploited many weak links in the interactions between web users, the sites they visit and the emails they open.

This was a complex and technically expert attack and it went something like this:

The Bad Guys™ managed to steal the log-in credentials to access the Monster CV database - the bit of the system that employers and their agents use. This gave them access to millions of people’s CVs, some of which contained sensitive data. They may well have just stolen the database rather than extracting the CVs by searching. This information was then used to send phishing emails to all the stolen email addresses. What happened then depends on which phishing email you received and what you did with it. Of those who clicked, some were rootkitted and no doubt became part of the great spam and malware botnet herd; others were extorted via a standard ransomware scam, as explained here.

Well, what can we do, you ask? One thing is for sure - the people who run online systems that store sensitive data can take steps to secure the data and access to it. As we’ve seen from the events at HMRC, even governments can get this wrong. For our part, we’ve carried out an extensive security review and are implementing the recommendations. I guess that sounds fluffy, but it has to - if I told you, then The Bad Guys™ would have a better chance of getting in, and we don’t want that. We’ll be making official statements on the issue in the coming year.

Now - what can you do as a user? The most obvious thing is to be careful who you hand out information to - as we’ve seen in the HMRC example, even ‘trusted’ organisations can get it wrong. Barring becoming a hermit and eschewing all forms of technology… anyway, what to do. Here are the basics; I’ll assume you are with the majority and run some variant of Microsoft OS:

  • Update your operating system regularly with the latest patches
  • Get a good security scanner - Virus, Trojan, Firewall etc
  • Use a good spam filter
  • Do not surf the web using an account with Admin rights

Most of these scams are based around tricking the user into clicking on something that lets The Bad Guys™ install stuff on your machine. Emails with links to software downloads are a marketing and distribution dream come true. For those of us at the other end, it means that The Bad Guys™ can take advantage of this and send us very realistic-looking emails asking us to click this or that to download the latest widget - which we duly do, only to discover we’ve been tricked. Below you’ll find some links to sites with more information on how to protect yourself. If you have questions, please post them in the comment section.

Email Phishing Scams
About.com phishing information
Anti-Phishing Working Group
National Consumers League (USA)
Hoax Slayer

Identity Fraud - General On-Line Security
Think You Know
Home Office
Stay Safe Online
Direct Gov Information

Articles About the Monster.com breach
Prevex Security (looks like they have some great security software)
IDM.net.au
The Register
The Times Online (London)
Heise Security

Jobsgopublic supports Bangladesh Relief Appeal

Posted by Craig Stead on December 06, 2007

As part of our ongoing commitment to charities we are supporting the Bangladesh Cyclone Appeal by donating money for much needed relief.

Cyclone Sidr battered southern Bangladesh on the 15th November. Donations are requested to assist with the immediate supply of food, clean water, medicine and shelter.

During December and January jobsgopublic.com will donate £10 for every job listed on the jobsgopublic website to the Disaster Emergency Committee’s appeal (www.dec.org.uk). Charity fundraising has become part of the jobsgopublic ethos and we feel that we’d like to use this opportunity to include you, our valued clients in this process.

You may already know our website, or maybe you’ve just stumbled upon it. We listed over 42,000 jobs last year from organisations throughout England, Scotland and Wales, and our network of websites reaches over 700,000 jobseekers a month – so not only will you be contributing to much needed aid, you’ll also ensure your vacancies receive a dedicated jobseeker audience.

Please help us make a change – call us on 020 7923 5610 to find the right talent for your team now!

Terms and conditions

This offer is open to all ad-hoc job advertisers wishing to place a vacancy on the jobsgopublic website and its network. This offer is not applicable to subscription clients. We will make a charitable donation at the start of the promotion and this will be topped up at the end of every month calculated against the number of jobs listed and that are live. This promotion will run from 7th December 2007 – 31st January 2008. For job pack bundles sold throughout this time, the donation will be based on rate card value, not job number.