April 8, 2021
Author: Chris Hockings CTO & Master Inventor, IBM Security
So you’ve checked what your friends are up to on Facebook, ordered a new outfit online and just opened an email to find an urgent alert from your favourite charity. The email says your name, address and other sensitive information may have been compromised due to a security breach.
Personal information is your most valuable asset, and yet we are all guilty of scattering our most sensitive information across shopping sites, social media, email, online memberships and more. If your digital identity should fall into the wrong hands someone can apply for a credit card in your name, a passport or even a loan – for a full view of the potential threat the Australian Federal Policy (AFP) has provided useful, albeit scary, information on Identity Crime.
In response to the growing threat of cyber attacks, Australia’s Privacy Act requires organisations to respond to and notify those affected by security breaches once they’ve been identified.
Help! What should I do?
The changes implemented are a positive step, but what should you do if you get that dreaded email? And what do the changes mean for each one of us in the fight against cyber-attacks?
First and foremost, you need to act:
Be a good friend – let your friends and family know of the breach so they too are more aware of suspicious emails, text messages or links which might look legitimate because they appear to be coming from you.
Change your passwords – update all relevant accounts and where appropriate double up on two factor authentication.
Notify – immediately contact relevant institutions (e.g. banks) and providers so they can keep a watch on your accounts for any suspicious activity.
IBM Security helps organisations to detect, protect and respond to cyber breaches, to minimise the impact on their business and more importantly, to you the customer. However, individual security starts at home and so what are the simple steps you can take to ensure the safety of your personal information online, before an attack occurs? To keep your cyber-identity safe here are some tips from IBM Security experts on password hygiene:
Ideal Password = A Long, Nonsensical Phrase
While the “rule of thumb” for passwords in the past has focused on complexity – at least 8 characters combining letters, numbers and characters – guidance suggests longer “passphrases”. This might look like several unrelated words tied together that are at least 20 characters in length.
Store Passwords in a Digital Vault
Re-using passwords is a big no-no, because if one gets compromised an attacker can access other accounts as well. But let’s be honest, memorising a different password for each account is virtually impossible, which is why 81% to 87% of people re-use passwords in the first place.
Rather than try to memorise multiple passwords or store them insecurely use a password manager – which not only acts as a vault for existing passwords, but can also generate stronger passwords for you. Rather than managing over 10 passwords on your own, you’ll just have to remember the one key to your digital vault.
Lie on your Security Questions
Many account security questions ask about information that could easily be found online. Consider selecting questions that are opinion based – like your favourite colour or movie – or even using fake answers to ensure only you would know the answer.
Double Dip on Security Checkpoints
Many services nowadays allow for two-factor authentication (2FA,) which adds an extra security checkpoint. Determine which accounts are at risk/sensitive and add an extra login step to avoid a single point of failure.
The most popular example is an SMS sent to your phone at login, asking you to enter a one-time code to access the account. But second factor can be anything from an email to a phone call, an extra question before login is granted, or a hardware token generator that stands alone and produces time-based codes.
Get Down with Biometrics
Biometric authentication uses physical and behavioural characteristics, such as fingerprints, as a means of protection and can use the identifiers that are uniquely you as a safeguard. At the same time, experts have devised ways to make sure this data is collected and applied in a way that ensures privacy for consumers while preventing the ability for this info to be used by hackers.
Cybercrimes are fast and frequent. The best protection is awareness of threats and smart digital habits.