This is not something that can be ignored.
According to JM Finn’s Chief Information Security Officer (CISO), Jon Cosson, most cybercrime can be prevented by avoiding some elementary errors and taking some fairly basic precautionary steps.
Here, Jon highlights a few dos and don’ts surrounding passwords – the single most troublesome issue when it comes to hacking – as well as some actions to take should you find yourself in the unfortunate situation where an online account has been breached.
Passwords
Weak passwords are arguably the main reason people get hacked. Passwords are stolen from websites every day, and whilst these are often encrypted, a weak password can still be attacked and its clear text revealed.
Consider following these simple Dos and Don’ts to minimise your risk:
Do
- Use strong passwords for all your online accounts
- Use different passwords for different accounts
- Use multi-factor authentication, such as the biometric login function available on most smartphones
- Mix complexity with length: passwords should contain at least 12 characters and not use single dictionary names (or variants of those names)
- Make passwords that are hard to guess but easy to remember
- Use a password manager: the more complex a password is, the harder it is to remember, so consider using either a web-based or standalone manager to help
- Change your password at least every 6 months
- Regularly check your passwords using the ‘Have I Been Pwned’ website
- Change the default password on your home broadband router/hub
- Change the default login password on all your home devices that connect to the Internet, such as CCTV monitoring and video doorbells
Do Not
- Disclose your password to anyone under any circumstances
- Use the same password across multiple accounts
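The length rule and the breach check from the list above can be automated. The following is an added example, not part of the original article: it assumes the `SUFFIX:COUNT` response format of the Pwned Passwords range lookup, and the function names and the sample corpus are constructed for illustration, with the network call replaced by an offline stand-in.

```python
import hashlib

MIN_LENGTH = 12  # minimum length recommended in the list above


def sha1_split(password):
    """Split the uppercase SHA-1 hex digest into (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, fetch_range):
    """Return how often the password appears in the breach corpus (0 if absent).

    Only the 5-character prefix is handed to fetch_range; the suffix is
    compared locally, so the password and its full hash never leave the machine.
    """
    prefix, suffix = sha1_split(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def check_password(password, fetch_range):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    seen = breach_count(password, fetch_range)
    if seen:
        problems.append("seen %d times in breach data" % seen)
    return problems


def constructed_fetch_range(prefix):
    """Offline stand-in for the range lookup, built from constructed data."""
    corpus = {"password": 1000, "letmein123456": 50}  # constructed counts
    lines = ["0" * 35 + ":1"]  # unrelated entry, as a real response would contain
    for known, count in corpus.items():
        known_prefix, known_suffix = sha1_split(known)
        if known_prefix == prefix:
            lines.append("%s:%d" % (known_suffix, count))
    return "\r\n".join(lines)


if __name__ == "__main__":
    for pw in ("password", "letmein123456", "plum-Kettle-orbit-47-saddle"):
        print(repr(pw), check_password(pw, constructed_fetch_range) or "ok")
```

A password can meet the 12-character minimum and still fail the breach check, which is why the two checks are reported separately.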
What to do if your account is hacked
Whether it's your email, social media or some other type of online account, there are numerous ways to alert you to the fact that someone else is accessing your account. Being locked out of the account is an obvious indication that something has gone wrong, but the signs can be more subtle. Things to look out for include logins or attempted logins from strange locations or at unusual times. Changes to your security settings and messages sent from your account that you don't recognise are clear indicators your account has been compromised.
However you discover the problem, once you know your account has been hacked, this is what you should do:
- Update your device: the operating systems and apps on the devices you use should all be updated, which will install the latest security fixes.
- Contact your provider: if you can't access your account, go to the account provider homepage and find a link to their help or support pages which will detail the account recovery process.
- If your email account was hacked: once you've regained control, check your email filters and forwarding rules. It is a common trick for the person hacking an account to set up an email forwarding rule that sends a copy of all your received emails to them.
- Change passwords: once you have confirmed there are no unwanted email forwarding rules in place, change the passwords on all accounts which have the same password as the hacked account. Then change the passwords for all the other accounts that send password reminders/resets to the hacked account.
- Notify your contacts: get in touch with your account contacts, friends or followers to let them know that you have been hacked. This will help them to avoid being hacked themselves.
- If you can’t recover your account: you may choose to create a new one. Once you've done this, it's important to notify your contacts that you are using a new account. Make sure to update any bank, utility services or shopping websites with your new details.
- Contact Action Fraud: if you feel that you have been affected by an online crime you can report a cyber-incident to Action Fraud using their online fraud reporting tool.
For further information about how to protect you and your family from cyber crime, please see our cyber crime awareness guide, which can be downloaded at: www.jmfinn.com/cyber-crime-awareness.