Adobe, Capital One, Facebook, British Airways, Equifax – all high-profile and familiar names that have been involved in a data breach within the last couple of years, plus many other less well-known organisations, all leaking your personal information for cyber criminals to exploit. Reported data breaches were up 33% in 2019, with an estimated total of 7.9 billion exposed personal records containing email addresses, passwords, and financial information. It’s a huge problem that shows no signs of abating, and the chances are that your details have at some point been compromised, putting your personal and business data at risk.
What should you do?
If your personal details are held by any organisation that has had a breach of security, then you should change your logon details as soon as possible. A Wikipedia list of high-profile data breaches can be found here. In some cases the affected organisation will contact anyone with an account to make them aware that a breach has occurred and what action to take, but this isn’t always the case.
To perform a more thorough check you can use an online checking tool such as Avast’s Hack Check. Simply enter your email address and the system will search over 29 billion leaked records to see if your details have been compromised. If they have been leaked, you will receive an email detailing which organisations exposed your personal information. In some cases the system will even show you the compromised password that you had used. Once done, Avast will notify you if any further breaches occur in the future.
What happens to your compromised data?
In the first instance the information can be used by cyber criminals to gain access to your account where the data breach occurred. This could be something as significant as your banking details where money could be stolen, or it may be something relatively unimportant such as login details for an online forum, where little damage could be done.
The real problem begins when cyber criminals use those leaked details to attempt to access other systems. For convenience, many people have in the past used the same combination of email address and password across different systems, so the seemingly unimportant leaked logon details for your favourite online forum could very quickly give cyber criminals access to your banking, social media, online shopping, and personal or business email accounts. From here the opportunities are endless for further cyber crime such as identity theft, financial fraud, scamming, ransomware and social engineering.
How to protect your accounts
We’ll be covering good password practice and how to protect your personal and business data in more detail in a future blog. In the meantime, you should check/implement the following as soon as possible:
- Update any passwords still in use that may have been identified via the Hack Check tool.
- Don’t use the same password across different websites/systems, and ensure that your passwords are reasonably complex (for example at least 8 characters with uppercase/numeric/special characters).
- Use a secure password vault to record your logon details.
- Implement Multi-Factor Authentication (MFA) where possible. You probably already use a form of MFA for your online banking, where in order to log in you need something you know (your password) as well as something you have (a code from a text message or smartphone app). This is an excellent way to prevent unauthorised access to your accounts even if your logon details have been compromised, and many other organisations support MFA (Microsoft, Google, LinkedIn, eBay and Facebook, to name a few).
- Ensure your business has a fully managed IT service in place. All our support packages detect and prevent unauthorised activity, keeping your business data secure.
In the meantime, if you’d like more detailed information on how to protect your data, or have questions regarding MFA, you can contact us here.