Education needed to stop hackers exploiting web users' 'scary' data sharing

People need to be more guarded over personal information they share online, WorldPay's Darren Dance tells Computing

More education needs to be provided and at a younger age in order to stop people oversharing data online, thus reducing the risk of hackers being able to exploit publically available information for cyber criminal gains.

That's what Darren Dance, Unix technical lead for online transaction firm WorldPay told Computing at Splunk Worldwide Users' Conference 2013 in Las Vegas.

WorldPay crunches over 500 GB of data a day and has various measures and protections in place to ensure that its customers' data remains secure, but Dance believes that security begins at home and web users need to ensure they're not giving hackers and cyber criminals an easy ride.

"We need to teach kids when they're younger about how easy it is for their stuff to get out online and the amount they're sharing on social media, for example," he said.

"You can actually mine data from social networking spaces using a free tool from Splunk, so if you were actually a cyber criminal, you could start to look at people's posts to work out what their pet is called and give you a good idea about them."

Dance told Computing that too many people still use simple passwords - such as the nickname of their favourite sports team - and easy to discover information like that is too often shared on the likes of Facebook, something that he argues many don't understand the risk of.

"People actually do use simple passwords. People who are Arsenal fans have passwords like ‘Gooner' and things like that! People do stick with what they know and we need to educate people who are a lot younger, and also everyone needs to know a bit more about how risky it is to put anything online," he said.

And while those with a better understanding of security, like those working in business, might already be aware of this, Dance argued that it's away from the office where the biggest threat might lie, with users being blasé when it comes to passwords.

"Education needs to go to everyone, not just the enterprise, because in the enterprise we have all the processes and controls, but at the end of the day, people's home PCs if they're using weak passwords, they are a threat," he said, adding the amount of information people are happy to share is worrying.

"If their PCs get compromised you've got the likes of botnets and it's scary the amount of data that is open to abuse."

Dance added that the amount of trust web users put into cross-site authentication is also a worrying trend which needs to be addressed.

"People allowing Facebook to do authentication for other sites and linking apps between websites is really scary.

"The amount of trust we're happy to put into that kind of thing... yet in other parts of our lives we're really paranoid," he said.