A discussion started last week on LinkedIn that struck me quite profoundly: a source who claims to be a hacker professed that hacking into a bank account was easier than hacking into a Facebook account. I find this extremely startling and quite worrying. Surely global banks, which look after millions of people’s money around the world, would have a more secure system than a social networking site that many people use to procrastinate? (Granted, Facebook is the world’s No. 2 website according to Alexa, with over 500 million active users.)
Take for example HSBC, with banks all around the world including the Netherlands, Belgium, France and Germany. With over four million online banking customers, its online log-in has relied on three things the customer knows: account number, password and PIN code. Only in March this year did it add an extra layer of protection, the Secure Key, which generates a unique, one-time authentication code every time a customer seeks to access their account online, so a stolen password alone is no longer enough.
With Facebook, on the other hand, you need just your email address and password to access your account, but Facebook has “invested [in] teams and advanced technical systems that detect and block suspicious behaviour”. If someone signs in as you from a location that is unfamiliar for your account, Facebook will ask them to identify your friends from photos taken from your albums before letting them in. Facebook also searches messages for “links to fake login pages or other malicious websites”, prevents such messages from being sent and deletes all instances of them from the site, while working with third parties to get the malicious sites added to browser blacklists or taken down altogether.
The two companies’ approaches differ. HSBC makes the initial log-in deliberately demanding, with several steps, whereas Facebook makes it easy to log in but then works harder behind the scenes to spot hackers and watch for malicious activity. Yet however different the approaches are, both companies have been hacked and suffered data breaches in the past.
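To make the contrast concrete, here is an added example (written for this post; it is not code from HSBC, Facebook or the original article) of a toy login service implementing both approaches side by side. The post does not say which algorithm HSBC's Secure Key uses, so the "hard front door" side assumes RFC 6238 TOTP (HMAC-SHA1, 30-second step) as a stand-in; the "easy front door" side scores each login against the countries the account has used before and forces a step-up challenge from anywhere unfamiliar. The user, password, shared secret (the RFC 4226/6238 test secret) and locations are all constructed for the example.

```python
"""Added example, not code from the original post and not HSBC's or Facebook's
actual systems: a toy login service showing the two approaches contrasted
above.

  1. "Hard front door": password plus a time-based one-time code.  The post
     does not say what algorithm HSBC's Secure Key uses; RFC 6238 TOTP
     (HMAC-SHA1, 30-second step) is assumed here as a stand-in.
  2. "Easy front door, watched": password only, but each login is checked
     against the countries the account has used before, and an unfamiliar
     one forces a step-up challenge instead of a plain success.

All users, secrets and locations below are constructed for the example.
"""
import hashlib
import hmac
import struct

STEP_SECONDS = 30


# ---------- approach 1: password + one-time code -------------------------

def totp(secret: bytes, at: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) over the current 30-second counter."""
    counter = at // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, at: int, window: int = 1) -> bool:
    """Accept the code for the current step or `window` steps either side
    (clock drift).  compare_digest keeps the comparison constant-time."""
    return any(
        hmac.compare_digest(totp(secret, at + drift * STEP_SECONDS), code)
        for drift in range(-window, window + 1)
    )


# ---------- shared: password storage ---------------------------------------

def hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256; the salt below is fixed only to keep the example
    deterministic, real systems draw a random salt per user."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


_SALT = b"constructed-salt"
USERS = {
    "alice": {
        "salt": _SALT,
        "pw_hash": hash_password("correct horse", _SALT),
        "totp_secret": b"12345678901234567890",   # RFC 4226/6238 test secret
        "known_countries": {"GB"},                 # where alice has logged in
    },
}


def check_password(u: dict, password: str) -> bool:
    return hmac.compare_digest(hash_password(password, u["salt"]), u["pw_hash"])


# ---------- the two login policies -----------------------------------------

def login_bank_style(user: str, password: str, code: str, now: int) -> str:
    """Every login needs the password AND a fresh one-time code, so a password
    captured by phishing or malware is useless on its own."""
    u = USERS.get(user)
    if u is None or not check_password(u, password):
        return "denied"
    if not verify_totp(u["totp_secret"], code, now):
        return "denied"
    return "ok"


def login_social_style(user: str, password: str, country: str) -> str:
    """Password only at the door, but a login from a country the account has
    never used gets "challenge" (the post's 'identify your friends from
    photos') rather than "ok"."""
    u = USERS.get(user)
    if u is None or not check_password(u, password):
        return "denied"
    if country not in u["known_countries"]:
        return "challenge"
    return "ok"


def complete_challenge(user: str, country: str, answered_correctly: bool) -> str:
    """After a passed step-up, remember the location so the next login from it
    is not challenged again; a failed step-up is denied."""
    if not answered_correctly:
        return "denied"
    USERS[user]["known_countries"].add(country)
    return "ok"


if __name__ == "__main__":
    # RFC 6238 test vector: at t=59 the SHA-1 code for this secret is 287082.
    print(login_bank_style("alice", "correct horse", "287082", 59))   # ok
    print(login_bank_style("alice", "correct horse", "000000", 59))   # denied
    print(login_social_style("alice", "correct horse", "GB"))         # ok
    print(login_social_style("alice", "correct horse", "US"))         # challenge
```

The trade-off the post describes falls straight out of the two functions: `login_bank_style` refuses anything without a code that is valid right now, while `login_social_style` lets a correct password through from a known place and only raises the bar when the context looks wrong. Neither policy helps once an attacker controls the session after login, which is why both companies still need monitoring and incident response behind the door.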
Could ISO 27001 be the answer? ISO/IEC 27001 is the international best-practice specification that helps businesses and organisations throughout the world build an Information Security Management System (ISMS). It gives an organisation a framework from which to manage compliance with laws and regulations such as the Data Protection Act, the Computer Misuse Act and the Human Rights Act, along with many others.
Our standalone ISO 27001 ISMS Documentation Toolkit will save you months of work, helping you avoid costly trial-and-error dead ends, ensure everything required by the current ISO/IEC 27001 standard is covered, and help you protect your organisation from hackers and data breaches.
Read more on Internet security in Europe by downloading this free whitepaper.