In 2014, over 85 MILLION records were reported as compromised, according to the Identity Theft Resource Center (ITRC). These records were the result of only 783 breaches. These figures should be alarming for both individuals and businesses, as this shows the scale of attacks that can be launched by someone determined to get your information.
Let’s look at some of the ways attackers get your information and how you can stop them. A company such as Staples certainly needs to do its due diligence in implementing data protection, but many of the methods attackers use don’t depend on a business failing to protect itself on the technical end; they exploit human error instead (for example, someone gaining access to something they shouldn’t have access to).
Weak passwords
Having a weak password is one of the easiest ways an attacker can gain access to your email, bank account, Facebook, etc. You may think that using your pet’s name with your birthday would be tricky enough, but you’d be mistaken. Hopefully by the end of this article you’ll see why a determined attacker can easily figure it out.
Password DON’Ts:
- Use names (yourself, family members, pets)
- Use a dictionary word – attackers use programs that automatically try millions of possible passwords (every word in a dictionary, for example) to get into your accounts
- Use addresses, birthdays, or other personal numeric identifiers
- Use all lower-case, all upper-case, all letters, or all numbers
- Examples of bad passwords: password, charlie123, avalanche, annejoe1979
Password DOs:
- Use a combination of letters, numbers, special characters (i.e. !, #, $, %)
- Mix both capital and lower-case letters
- If you have a hard time remembering passwords, create one that resembles a word or phrase but uses different cases, numbers, and symbols. For example, if I wanted a password relating to movies, I could create the password 1L0v3M0v1!35 – the characters resemble the phrase “I love movies”, but it would be very difficult for someone to crack it using conventional methods
- Use online password strength checkers to make sure the password that you chose is a strong one, such as: https://howsecureismypassword.net/
- Consider using a strong password generator, such as https://strongpasswordgenerator.com/
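As an added example (not code from the original article), here is a small Python checker that encodes the DON’Ts and DOs above as rules and reports which ones a candidate password breaks. The word list is a constructed stand-in for a real dictionary or leaked-password list, and the personal-info list is assumed to be supplied by the user.

```python
import re
import string

# Constructed stand-in for a real dictionary / common-password list.
# A real checker would load a large word list from a file instead.
COMMON_WORDS = {"password", "avalanche", "charlie", "letmein", "welcome", "movies"}


def password_problems(password, personal_info=()):
    """Return the list of rules from the article that `password` violates.

    `personal_info` holds names, birth years, street numbers, etc. that an
    attacker could plausibly learn about the user (assumed to be supplied).
    """
    problems = []
    lowered = password.lower()
    # Strip digits/symbols so "charlie123" still matches the name "charlie".
    letters_only = re.sub(r"[^a-z]", "", lowered)

    # DON'T: use names, birthdays or other personal identifiers
    for item in personal_info:
        item = str(item).lower()
        if item and item in lowered:
            problems.append(f"contains personal information: {item!r}")

    # DON'T: use a dictionary word (what a dictionary attack tries first).
    # Substring matching gives false positives on very short words; a real
    # list should contain only words of a sensible minimum length.
    if letters_only in COMMON_WORDS or any(w in lowered for w in COMMON_WORDS):
        problems.append("based on a dictionary word")

    # DON'T: all lower-case, all upper-case, all letters, or all numbers
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(c in string.punctuation for c in password)
    if password.isdigit():
        problems.append("all numbers")
    elif password.isalpha():
        problems.append("all letters")
    # DO: mix capital and lower-case letters
    if not (has_lower and has_upper):
        problems.append("no mix of upper- and lower-case letters")
    # DO: combine letters, numbers and special characters
    if not (has_digit and has_symbol and (has_lower or has_upper)):
        problems.append("missing letters, numbers or special characters")
    return problems


def is_strong(password, personal_info=()):
    """True when none of the article's rules is violated."""
    return not password_problems(password, personal_info)
```

Feed it every name, date and address an attacker could find about you; a rule-based check like this only catches the listed patterns and does not replace the guessing a real cracking tool performs.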
Easily obtainable passwords
Sometimes an attacker is closer than you think. They may not just be a faceless person on the internet, but someone lurking in the shadows.
- Avoid writing your passwords down. This can hurt you in many ways. In an office, all a thief needs to do is read the post-it note on your computer or lift up your keyboard.
- Don’t give out your password. This may sound like common sense, but you’d be surprised how many people will willingly give out their password. No one should ever need your password. If you ever do need to give a trusted authority a password, change it immediately once you are able.
- Consider using a password manager program, such as https://lastpass.com/. These programs can manage all of your complicated passwords so you no longer have to remember them! This way all of your accounts will have unique, strong passwords, and you’ll only need to remember a single password.
Social engineering
This term may make you think of social networking and sites like Facebook, but social engineering, in respect to security, is an entirely different animal. It is a practice by which attackers will use social techniques to obtain your secure information. This could come in the form of someone asking you questions that could in the moment seem harmless, but may be part of a larger information-gathering scheme. Deception is the name of the game, and this is one of the biggest areas where attacks can occur but can be prevented.
- Be wary of phone calls, emails, or unsolicited visitors on your doorstep who ask for personal information. If something doesn’t feel right, it most likely isn’t.
- Remember, banks and businesses aren’t going to ask you for personal information when they reach out to you. This is different from calling the cable company to pay a bill and providing your account number – think instead of someone calling you, claiming to be the cable company, and asking for your account number. If they are calling you, they should already have your information!
- Never provide any kind of sensitive information online. Attackers can pose as a legitimate person or organization by faking their email address or online profile, or even by hacking into a real friend’s account.
Password consistency
We’ve said a lot about passwords, and while having a strong password is the first step in protecting yourself, it can only get you so far. If you use the same password for your e-mail, bank account, Facebook, iTunes, etc., all it takes is for someone to get that one password to ruin your world.
- Change your passwords regularly. It may help to add a recurring calendar event on your smartphone or mark it on a wall calendar. Every 90 days is a good range to go for, but you can never change it too frequently!
- Use different passwords for different services. If you use a lot of services and can’t bear the thought of all of those passwords, consider using a password manager program.
E-mail phishing and viruses
E-mail is one of the biggest sources of viruses and attacks that we see with clients. Phishing (and now spear phishing) is a way for attackers to pose as a legitimate source in order to collect personal information. With the emergence of viruses like CryptoLocker and its offshoots, which can hold your computer hostage, things can get much worse than a malicious program that just needs to be removed.
- Do not open an e-mail attachment if you are not expecting the person to send you a file
- Do not open an e-mail attachment from anyone you don’t know
- Postal services and other businesses will not typically send you files, especially in “.zip” format
- Don’t click on links in emails you aren’t expecting. If you get an email that appears to come from a trustworthy source, such as a bank, go directly to the bank’s website rather than clicking on the link.
- When in doubt, call the business or individual who sent you the e-mail and confirm what they have sent you
Using public or shared computers
This one should be a no-brainer, but it bears mentioning. If you’re using a computer that is not your own, even at work, never, ever, EVER allow the computer to “remember your password”.