What have we learnt from cyber security breaches?

Threats to cyber security

The past year has seen the highest number of cyber security breaches on record. Large reputable companies such as Tesco, Yahoo and TalkTalk have all been exposed for such breaches, with the companies facing large fines and a lack of confidence from consumers. What does this mean for us and how we keep our personal data, identity and money safe? Does this mean we are never safe? Not necessarily, but knowing how to keep your personal data and your business safe has never been more important. We have studied some of the largest data breaches and have the following tips for preventing cyber crime.

Your favourite colour is not a safe password

Although they didn’t realise it until 2016, the Yahoo data hack actually took place in 2013. This means that for three years users were continuing to use their accounts without knowing they were at risk. So what could have prevented one billion user accounts being hacked? For a start, make sure your password is not something that can easily be guessed, such as your favourite colour or your child’s name. Further, it is best practice to change your password at least once a year. This means that if any of your accounts have been hacked you have a much higher chance of protecting your personal information. Some businesses require some of their staff to change their passwords each year for this reason.

One password for all accounts is not good enough

Many people think having one or two different passwords for all their accounts is smart because it allows them to log into their account from any computer without having to remember the password. However, this allows hackers to access multiple accounts once they have hacked one account. We recommend downloading a password manager, meaning you only need to remember one unique password, with the password manager creating and storing a unique password for you every time you create a new account.

We often think we are safe when we aren’t

Do you or your staff complete work from home? How does your staff access Wi-Fi? How do you store personal data? When we read about cyber security threats, it is easy to feel that we are safe and we will surely never be a victim of cyber security. However, the fact that customers of reputable companies such as Tesco, TalkTalk and Yahoo have all been victims shows that no one can be 100% safe. Every so often, it is important to assess your cyber security risks. We recommend taking the VinciWorks cyber security assessment, a great tool for any professional who uses a computer at work.

Always have a cyber security plan

When Tesco Bank was hacked, they admitted that money was stolen from up to 20,000 accounts and under GDPR, it is understood they would be liable for fines of up to £1.9bn. While customers were safe in that the law requires banks to refund any money stolen from accounts in this manner, Tesco has been heavily criticised for seemingly not having a plan in place to deal with the issue quickly enough. Whether your company is a small health clinic or a global bank, it is important to have a plan in place should your organisation be under threat of attack.

Emails – be careful what you click on

In 2016, over 30% of phishing emails were opened, a scary statistic considering the number of high-profile cyber security breaches experienced this year. Many spam emails contain links that, if clicked, download spyware onto your computer. This is known as phishing. The spyware allows fraudsters to steal your personal information by “watching” you log into your account. As well as having a strong firewall and antivirus software on your computer, you should never click on a link from an email address you don’t recognise. Further, if you receive a document to download with unclear or no text from an email address you do recognise, your friends’ email account may well have been hacked. In this case you should certainly not download the file and you should tell your friend immediately so they can alert their mailing list that they have been hacked.