Iloveyou2 but your password is predictable

Louise Fenn 11th May 2021

How secure is my data? The question on everyone’s minds, and with cyber-attacks on the rise, the apprehension is valid! In this two-part blog series, we’ll be discussing what consumers and corporations can do to help keep data safe.  

So, what are the facts? Cyber-attacks are currently one of the biggest threats to national security in the UK, so much so that the government developed a five-year strategy, investing £1.9 billion to tackle the issue. 2020 was hit particularly hard, with IT Pro reporting that hacking attempts surged by 20% due to Covid and remote working… hackers have clearly been spoilt for choice amid the pandemic panic! 

Beaming also reported that in 2020, there was an attempted attack every 46 seconds, with last year proving to be the busiest year on record. 

So, who are the hackers targeting? Perhaps you’re thinking smaller companies with low levels of security and lax procedures. And whilst you’re not wrong, most recently, it’s one of the most secure companies in the world in the hot seat. Business Insider reported that over 500 million Facebook users’ details were posted online, including phone numbers, full names, locations, email addresses, and biographical information.

Following this incident, an internal email was leaked from Facebook that seemed to downplay the data breach and told colleagues to expect more scraping incidents (BBC). Should we now expect our personal details to be shared so carelessly?

Whispers of a data scraping issue at LinkedIn also hit the newsstands last month, with data of 500 million users allegedly being sold online (cybernews). LinkedIn has since released a statement assuring users this was not a data breach, and the scraped data was member data already open to the public.

If you’re curious to see if your details have been leaked, find out for yourself on Have I Been Pwned.  

Now knowing that companies – even social media giants – don’t appear to be as 100% secure as we once thought, what can we do as consumers to minimise the risk of our personal details being leaked online?  

Here are some top tips from our experts at ECS.

 

Strength in length

I’m sure we’ve all heard it before, but make sure to choose something memorable, but not obvious! Computer Weekly reported that over 15% of us Brits are using our pets’ names, family members, important dates, sports teams and even the word password to keep our data safe. We all love our pets, but this can make you an easy target for cyber criminals – let’s leave Scooby Doo on the dog collar!

The longer the password, the stronger the password. Try throwing in some CAPITALS, num3rs, and $ymbol!s too.  

Anxious that your password isn’t secure enough? Visit Security.org to check how vulnerable your new password is.  


You don’t need to change your password as often as you think

For as long as I can remember, the advice has always been to change your passwords frequently – helping to keep hackers’ time within your account to a minimum, should your password be compromised.

But as tech changes and develops, so does the advice. What we’re hearing now is unless you become aware of a security breach, there is no need to change your password. Experts say changing passwords regularly could even increase your chances of being hacked, as users end up being less creative with their choices, making them weaker (Business Insider).  

Remember if you’re not going to change your passwords regularly, make sure they’re secure! Read on for more tips. 

 

Never use the same password twice

This may seem obvious, but let’s look into why. 

Let’s pretend the unthinkable has happened. Keith’s Facebook account has been compromised. Oh well, at least it’s just Facebook.

Well… it would be, if he hadn’t also used Bugsy1982 for his Amazon account, Netflix, personal banking, Boots subscription, gym membership, Financial Times subscription, Uber account, work email.

Keith checks his Amazon account to find he’s locked out. He then gets an alert that his bank account has gone into overdraft. He checks his bank account to find orders he did not make. Panic ensues.

Don’t be like Keith. 

Whilst easy for the memory, re-using the same password makes light work for hackers – they only need to crack one account to crack them all. 

One point we can’t stress enough: make sure you have a different and unique password for your email account. If you need to re-set your password, odds are you will do this via your email account. No access to emails = no access to accounts.  
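
To see how far one reused password reaches, here is an added example (not part of the original post) that audits a list of your own accounts for reuse, short passwords and passwords built from personal words, and then works out which accounts fall if one of them is breached. The vault layout, the function names, the `PERSONAL_WORDS` list and the 12-character `MIN_LENGTH` are assumptions made for illustration; the sample data is constructed around Keith’s Bugsy1982.

```python
import hashlib
from collections import defaultdict

# Constructed sample vault of (account, password) pairs; not real credentials.
SAMPLE_VAULT = [
    ("facebook", "Bugsy1982"),
    ("amazon", "Bugsy1982"),
    ("email", "Bugsy1982"),
    ("netflix", "Rex2021!"),
    ("bank", "plum-Kettle-orbit-93-saddle"),
]
PERSONAL_WORDS = {"bugsy", "rex"}  # assumed: words the owner has shared publicly
MIN_LENGTH = 12                    # assumed threshold; the post gives no number


def fingerprint(password):
    """Hash each password so grouping never handles or prints plaintext."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def audit(vault, personal_words=PERSONAL_WORDS, min_length=MIN_LENGTH):
    """Return reuse groups plus accounts with short or guessable passwords."""
    groups = defaultdict(list)
    for account, password in vault:
        groups[fingerprint(password)].append(account)
    return {
        "reused": [sorted(g) for g in groups.values() if len(g) > 1],
        "short": [a for a, p in vault if len(p) < min_length],
        "personal": [a for a, p in vault
                     if any(w in p.lower() for w in personal_words)],
    }


def exposed_by(vault, breached, email_account="email"):
    """Accounts within reach once the password of `breached` has leaked."""
    passwords = dict(vault)
    leaked = fingerprint(passwords[breached])
    same = {a for a, p in vault if fingerprint(p) == leaked}
    # Password resets go through email, so a leaked email password
    # puts every other account in reach, not only the reused ones.
    if email_account in same:
        return sorted(set(passwords) - {breached})
    return sorted(same - {breached})


if __name__ == "__main__":
    print(audit(SAMPLE_VAULT))
    print("facebook breach exposes:", exposed_by(SAMPLE_VAULT, "facebook"))
```

With the sample data, a Facebook breach reaches every other account because the email password is shared; give the email account its own password and the same breach reaches only Amazon.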

 

Sharing is caring, but keep your personal data to a minimum

We all like to stay updated in this hyper-connected world, but should there be a limit to what we share online? 

Experts say there is the potential for anything we post online to be used against us. Perhaps you’ve posted an adorable picture of your puppy on social media, tagging your hometown with the caption ‘welcome home Rex’. Three months earlier, you posted a photo of your Christmas wreath on the front door. The snooping cyber-criminal now knows where you live, your house number and a potential password for your accounts.

Advice from professionals is to act as if nothing on the internet is private. Stop and think: ‘This could potentially go public, am I okay with that? Do I really want a random person to know where I live?’

Make sure to keep your posts on private and don’t accept friend requests from anyone you don’t know… even that hot single claiming to have ‘just moved to the area’.   

 

If something seems too good to be true, it probably is!

Remain vigilant! If you receive an email saying you can win an all-expenses paid trip to Hawaii by ‘clicking the button below’, don’t be fooled. These are phishing emails and they come in all shapes and sizes – you might be asked to:  

  • Verify bank details 
  • Send money abroad 
  • Click on a link 
  • Donate to charity 
  • Resolve an issue on your account 

The majority of these phishing emails will be easy to spot through formatting and grammatical errors, but they are growing in sophistication. Today, hackers are studying a company’s personnel and learning their manner of speaking before spoofing them. 

This can make emails look legit – coming directly from companies you trust or even your boss asking for an urgent request that you must action immediately because they’re in a meeting and can’t get to it themselves.  

We said it before and we’ll say it again. Remain vigilant! 

Read more about the tell-tale signs of phishing and how to make yourself a harder target on the National Cyber Security Centre website. 

To cut a long story short, we all need to become more aware and cautious with our personal data.

Look beyond your pets.  

Think before you share.  

After all, sometimes it’s best to leave a little to the imagination.

Stay tuned for the next blog in this two-part series, which will cover what companies can do to minimise their risk and increase security.
