To Kill a Password – The Halloween Files
Do you know if your password has ever been stolen?
This time of year is synonymous with ghosts and ghouls. There are, however, many other scary factors that would make your mind race about what could possibly happen in the realm of cyber security. Your passwords being compromised is certainly a worrying thought. It could be a current event, or might have happened in the past, and you don’t even know it yet. In a post-GDPR world it has become even more important to protect yourself, your staff and your customers.
When asked trick or treat, you don’t want someone to show you a nasty trick where they tell you your password. Using a password that isn’t easily predictable is key to your online security. Some commonly used passwords are strings of consecutive numbers or runs of adjacent letters on a keyboard. These will be the first port of call for someone trying to get into your account. You should use a combination of upper case, lower case, numbers and symbols for security. If you can mix these up into easy-to-remember words or phrases, you’re making it even less predictable. Read more about what not to do when choosing your password here.
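As an added illustration (not part of the original post), the Python sketch below flags the two weaknesses just described: counting or keyboard-row sequences, and missing character classes. The run threshold of four characters and the sample passwords in the test are assumptions made for this example.

```python
import string

# Sequences tried first by anyone guessing passwords: keyboard rows,
# the alphabet and the number row (0-9 plus the 9 -> 0 wrap).
SEQUENCES = ["qwertyuiop", "asdfghjkl", "zxcvbnm",
             string.ascii_lowercase, "01234567890"]


def longest_run(password):
    """Length of the longest substring that follows a known sequence,
    forwards or backwards (for example 'qwerty' or '54321')."""
    pw = password.lower()
    best = 0
    for seq in SEQUENCES:
        for candidate in (seq, seq[::-1]):
            for i in range(len(pw)):
                # Only look at substrings longer than the best found so far.
                for j in range(len(pw), i + best, -1):
                    if pw[i:j] in candidate:
                        best = j - i
                        break
    return best


def missing_classes(password):
    """Names of the character classes the password does not use."""
    checks = {
        "upper case": str.isupper,
        "lower case": str.islower,
        "number": str.isdigit,
        "symbol": lambda c: c in string.punctuation,
    }
    return [name for name, test in checks.items()
            if not any(test(c) for c in password)]


def assess(password, max_run=3):
    """Return a list of findings; an empty list means nothing was flagged.
    max_run is an assumed threshold, not a figure from the article."""
    findings = []
    run = longest_run(password)
    if run > max_run:
        findings.append(f"contains a {run}-character keyboard or counting sequence")
    findings.extend(f"no {name} character" for name in missing_classes(password))
    return findings
```

A password such as `Qwerty2018!` uses all four character classes yet is still flagged for its six-character keyboard run, which is why the mix of classes alone is not enough.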
The Frightening Truth
In the last year there have been significant hacking scams taking place, and cybercriminals are constantly attempting to steal your sensitive data. Earlier this year Dixons Carphone suffered a large-scale security breach. The names, physical addresses and email addresses of 10 million customers were stolen. A mass data breach of this kind can cause severe distress to customers. The reputational damage associated can sometimes make it hard for companies to regain public trust.
British Airways suffered one of the biggest breaches since GDPR’s implementation this year. Cybercriminals stole financial data of 380,000 customers during a two-week period in August and September. Although this did not impact customers with accounts on record, it is still a significant number of people who now have to ensure their accounts aren’t under threat.
A recent security threat comes in the form of an email claiming to have video evidence of a user watching pornography. It works by using compromised passwords. The victim’s leaked password will often be in the title or first sentence of the email.
The email states the video will be sent to all the victim’s contacts within 24 hours. Seemingly the only solution is to provide the sender with a large amount of bitcoin. The sum is usually many thousands of dollars, and some may pay even if there is no wrongdoing. The email is vague on personal details other than the leaked password and doesn’t give any specific information on the alleged misdemeanour. A lack of knowledge about the recipient is a key sign of deceit. You can ignore this email as a scam – however, if the compromised password is still in use, the implications are serious.
The Friendly Ghost
So how can you find out about potential security risks?
Luckily it is possible to find out what information may be available about you or your business on the dark web. This could be old passwords from email or other online accounts that may have been compromised and are now available to the highest bidder. Think back to any of your old, unused email or website (LinkedIn, for example) accounts. Could they have been hacked in the past without your knowledge?
Data from a safe source, which has been analysed and validated, will provide you with the insights you need to improve your online security. Some suggested measures might include implementing two-factor authentication, security awareness training or password management systems.
Getting ahead of any potential breach with the right security is the best way to counteract possible risk. Extra layers of added protection are advisable to help safeguard your business’ future.
If you find that one of your passwords has been compromised, it is worth ensuring that you don’t have the same password in use anywhere else. It is advisable to use different passwords across different platforms, and to change them regularly.
Using words memorable to you but changing numbers and symbols for letters is one way to create a strong password. You could change 0 for o and $ for s, for example. The words should be familiar to you but not ones a criminal could easily guess, such as hometowns and children’s names. There are also password managers, like LastPass, which generate difficult-to-predict passwords for you and store them securely.
How to Spot a Hack
Sometimes the hack itself can take the form of an email saying your account has been compromised. It will look like it comes from a company you know, and links to a site looking like theirs. Once you enter your email address and password, the criminal has everything they need. To avoid a breach of this kind, type the address of the site directly into your browser so you know you are going to the official page. You can also check the sender’s email address – the message may appear to come from the company when the address clearly doesn’t.
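The sender check described above can be automated. This added example (not from the original post) compares the brand named in the From header's display name with the domain of the actual address; the brand, its domains and the sample headers in the test are constructed for illustration.

```python
from email.utils import parseaddr

# Hypothetical allow-list: the brands your staff deal with and the
# domains those brands genuinely send mail from (constructed values).
KNOWN_SENDERS = {
    "example bank": {"examplebank.example"},
    "example parcels": {"parcels.example", "exampleparcels.example"},
}


def domain_of(address):
    """Lower-cased domain part of an email address."""
    return address.rpartition("@")[2].lower().rstrip(".")


def is_under(domain, trusted):
    """True if domain is the trusted domain or one of its subdomains.
    A plain substring test would wrongly accept look-alikes such as
    'examplebank.example.account-verify.test'."""
    return domain == trusted or domain.endswith("." + trusted)


def check_sender(from_header):
    """Classify a From header as 'match', 'mismatch' or 'no-claim'.

    'mismatch' means the display name claims a known brand but the
    address is not on one of that brand's domains.
    """
    display, address = parseaddr(from_header)
    domain = domain_of(address)
    name = display.lower()
    for brand, trusted_domains in KNOWN_SENDERS.items():
        if brand in name:
            if any(is_under(domain, t) for t in trusted_domains):
                return "match"
            return "mismatch"
    return "no-claim"
```

A "mismatch" verdict is a reason to quarantine or warn, while "no-claim" only means the display name did not mention a listed brand.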
The Helping Hand
There are many other factors to making sure you keep your data as safe as possible. To check how secure your business is, take our cyber security awareness grader here.
Netstar offers a number of solutions, such as two-factor authentication, to help reduce the risk of a cyber-attack. Get in touch now to find out how we can help your business.