You may have read in the news about organisations being hacked or held to ransom. Some of the most recent cases are hospitals, schools and private telecoms companies. Recent high-profile hacks have involved companies we know, such as Yahoo and Equifax, which hold our personal information.
Why do hacks happen?
The majority of the time, a hack is the result of a user interaction or a failure to secure information. Your home can have all the security locks, lockable windows, CCTV, a monitored burglar alarm, security lights etc., but if you pop into your garden and leave the front door open, the local burglar will take advantage of the opportunity. Similarly, hackers are opportunists who send emails in the millions (spam), and you only have to open one and it could bring your entire company to its knees.
How can I stop a hack?
An organisation with its own IT department should have put in sufficient measures to prevent such attacks, such as secure logins, restricted devices, encryption, updated software, antivirus, firewalls etc. On your personal computer you can have a firewall, antivirus software and security updates installed, but if you receive a rogue email and click on it, you have basically told the system "I am allowing access to my system". Another point to remember: software updates are only as good as the last update. Viruses are mutating all the time, so if your antivirus definitions are one week old, the antivirus software may not detect a virus which was written yesterday.
A computer virus is not only spread by email. Viruses can also be on compromised websites, or on what some may call unethical websites where you download pirated/copyrighted software, movies etc. Or it could be something like using your USB stick in a friend’s computer that is infected; when you then plug it into your own device, it also gets infected. Other types of hacks are where hackers or other individuals use social engineering by pretending to be your bank or a friend on the phone or by email.
A lot of us nowadays post to social media such as Facebook, Instagram, Twitter etc. Some people put too much information online, such as their employer, school, date of birth etc. Some people even go as far as saying they are currently on holiday. While you may think your profile is secure, it only takes a connection to reshare your post and it is open for others to see.
Be careful what you put online
In the past, security questions for resetting passwords asked for things such as mother’s maiden name, first car, favourite colour, name of pet etc. In the 2013 movie “Now You See Me”, the characters tricked the target into answering questions about his pet’s name, then used the answer to access his bank account. Similarly, information online may be used to reset passwords and gain access to your accounts or, worse, to find out where you live and send someone to burgle your home while you are away. It is therefore strongly recommended not to put any personal information online, as you just don’t know who may be accessing it. Insurance companies have stopped paying out on claims if they discover you posted online that you were on holiday etc. Due to the ever-increasing number of sites/apps that need signing into, we all too often end up using easy-to-remember passwords, which are then reused on multiple sites. This in itself is a huge problem, because if a site gets hacked the hackers could try the username/password combination on other sites.
How can I check if my data has been compromised?
You can check if you are the victim of a data breach by entering your email addresses on the following website: https://haveibeenpwned.com (don’t worry, this is not a dodgy adults-only website).
What can I do if my data has been compromised?
If you find you have been affected by a data breach, it is strongly advised to:
- Change your password immediately.
- Where applicable, enable two-factor authentication as an additional security measure. It prompts you for a 6-digit code when logging into a site from an unknown device/location. The code is normally sent as a text message to your phone or produced by an authenticator app, which generates a code every 60 seconds.
Keeping track of your passwords
If, like me, you have numerous accounts, are struggling to remember all the passwords and are guilty of using the same password on numerous sites, there are tools available to manage passwords, such as KeePass, KeePassXC, Dashlane, 1Password, LastPass etc.
We can help
If you are the victim of a virus infection or data breach, would like a security audit on your systems or want some training on using a password manager, get in touch and we would be more than happy to help.
Disclaimer: BKS Consultancy is providing this information in an advisory capacity, is not affiliated with any of the companies mentioned and is providing independent advice based on experience. BKS Consultancy cannot be held responsible for any decisions made based on the advice above without expert guidance.