We all know how important it is to use strong, unique passwords and to add multi-factor authentication when logging into our emails, bank accounts, social platforms, etc. Both give us a sense of security: we feel confident logging into our accounts at home, at work, or even on a friend’s computer, knowing that once we have logged out no one is going to be able to gain access. Well, that’s not necessarily the whole truth. When a hacker looks to gain access to your accounts, and therefore your private data, they could go the route of using hacking software that literally hacks passwords within seconds, as discussed in this excellent and entertaining interview with Edward Snowden on passwords:
Or, which is far more likely as it’s easier, they will hack the entire website, platform or network you subscribe to. Hacking a single database that provides the criminal with millions of individuals’ private information, such as their names, dates of birth, home addresses, banking details, email addresses… and passwords, takes less time than hacking each individual’s account one by one.
Now of course, as also outlined in the above video, a longer and more complicated password will certainly help slow down a hacker, but it won’t stop them. In a Microsoft community post published in July 2019 titled “Your Pa$$word doesn’t matter”, Alex Weinert, Director of Identity and Security at Microsoft, says:
“When it comes to composition and length, your password (mostly) doesn’t matter.”
“Remember that all your attacker cares about is stealing passwords so they, or others, can access accounts. That’s a key difference between hypothetical and practical security.”
However, Alex goes on to say later in the post that:
“Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA.”
And though it is certainly the case that MFA, or 2FA (two-factor authentication) as it is otherwise known, does go a long way to prevent a hacker from gaining access to an account, it’s still just a matter of time before someone finds a workaround. As we are almost 3 years on from Alex’s comments, cybercriminals have found many workarounds with which to bypass or intercept these one-time codes sent as an SMS to a user’s phone.
So what can one do?
Using different, complicated passwords on every account, and responding quickly to any text message or email notification that someone has accessed an account by logging in to that account and changing your password, is pretty much the only thing you can do. Once a hacker has your details, your personal information can be used in a variety of different ways, so all that we can do at this stage is be proactive in our decision making and reactive in our response. I would advise, if you haven’t already done so, signing up to a credit report company (obviously using a different password!) so that you can see if anyone has tried setting up any bank accounts or taking out loans in your name. More information on identity fraud, identity theft and what to do if you have been affected can be found on the Action Fraud website.
Now, another layer of protection comes in the form of internet security and antivirus software. Of course this isn’t going to help prevent a hacker from accessing an account like your email, but it does help protect your computer from being infected by, let’s say, clicking on a dodgy link. You may be thinking to yourself, “I would never click on a link in an email I’m not 100% sure about.” Well, what if your best friend’s or a family member’s email account was breached, and the hacker sent you a phishing email written in the same tone as that friend or family member about something in the news that you are interested in? The message contains a dodgy link posing as a link to a news item on the BBC website. Would you have clicked on this link? Well, the chances are you would have done so! This type of attack is known as Spear Phishing and it has been on the dramatic rise since the late 00’s. Trend Micro researchers discovered that in excess of 90% of targeted attacks 10 years ago in 2012 were derived from Spear Phishing emails.
So, you would certainly hope to have the right antivirus protection set up and installed on your devices just in case of such an event. Never cheap out on the security you use, as not all antivirus protection is the same by any stretch of the imagination, and antivirus protection isn’t always enough either, as the editor-in-chief of Norton LifeLock, Steve Symanovich, writes in his article titled “Why antivirus may not be enough”:
“Malicious software and viruses are as prevalent as ever, and that’s why having antivirus software is as important as ever. But the “threat landscape,” as security experts like to call it, is changing. And that means your approach to protecting your identity and your data should also evolve. Antivirus alone may not be enough.”
This may come as a surprise to some: how can antivirus not protect against a possible virus threat? That’s usually because it’s an unknown threat. If a hacker manages to find their way onto a website’s database, they have done so by finding a doorway in through the website’s code. It’s not until the website owners become aware (if they do become aware) of a breach to their website/server that they get their web technician to find and patch that doorway, blocking it from hackers. Antivirus works in a similar vein: if something goes undetected by the antivirus software then it will still infect your device, and it’s only when you have informed your antivirus provider, or their software alerts them to the attack, that a remedy can be worked upon. This can obviously take the software provider quite some time, many days in some instances, to fully resolve, which inevitably leads to concerns of computer downtime.
That’s where having an IT security service provider or IT security SLA (service licence agreement) with a technical expert comes in very handy. With the right setup in place, your devices can be free of viruses and ready to use again within hours, with little downtime. It really does pay to have the right systems in place! Research carried out by the U.S. Securities and Exchange Commission in 2015, titled “The Need for Greater Focus on the Cybersecurity Challenges Facing Small and Midsize Businesses”, found that 60% of SMEs went out of business within the first 6 months of falling victim to a data breach, hack or cyberattack. That is an extremely high figure and one not to be sniffed at.
If you are concerned about your own or your company’s IT security then we can help. We offer a free verbal consultation over the phone, and carry out full on-site system, software and hardware audits to build a map of your current setup and to create a roadmap on how we would take your IT security to the next level and beyond.