Password Theft - How Protected Is Your Business?
Security has been a concern with the internet since its inception. Anyone who remembers the early
days of the internet
will remember how easy it was to cause fairly significant trouble. Employees left passwords in
plain sight. There wasn't
anything in the way of certificates, computer identification, or anything else to ensure
password safety. With these
vulnerabilities, it inevitably results in password theft.
Back then, there was no such thing as a secure connection. Even the banking systems were incredibly vulnerable. Luckily, these cracks in the system didn’t result in many newsworthy meltdowns because there weren't enough tech-savvy criminals to take advantage of them. Modern-day hackers could have done a lot of damage back then.
Since then, we've seen some significant cases of password and identity theft. The PSN fiasco with Sony is a recent example. Thousands upon thousands of users had their credit card numbers, passwords, and personal information stolen and sold off by Chinese hackers. Yet this could have been entirely avoidable. Had Sony prioritized two-step authentication (2FA), and better security protocols it wouldn’t have happened.
That was an attack on servers, which is hard to pull off when the servers are set-up properly. It usually involves either a brute force attack into the servers or finding an unknown exploit in the back door. In other words, it requires either bashing the front door open or finding an unlocked window. Smart businesses make sure their front doors are strong and their windows are locked!
Most password and identity theft won't happen through this sort of invasion. Like a large city, the internet has its safer and more questionable neighborhoods. There are also neighborhoods nobody in their right mind should be going anywhere near. Let’s take a walk around these neighborhoods and point out some of the risks.
How Hackers Steal Passwords and Personal Information
To steal passwords and other valuable information, Phishing is one of the most common types of cyberattacks. Hackers will send out emails containing malicious links to as many users as possible. That link takes users to a bogus, or spoofed site, and tricks them into giving out their private information.
Once hackers acquire this information, they will attempt to break into as many business and personal accounts as possible. And if they gain access to those accounts, it's only a matter of time before data is stolen or access to those accounts is lost.
SSL and HTTPS are security measures that provide certificate management to ensure foreign devices are not connecting to your account. They provide strong ciphers that prevent intercepted packets from being dismantled. It’s the equivalent of only allowing certain phones to dial into yours, and scrambling the voice on both ends so wiretaps can’t understand the conversation.
Unfortunately, people have the bad habit of accessing sensitive information over public Wi-Fi. Even with SSL enabled, public Wi-Fi can be very dangerous. Shady people can access your Wi-Fi transmissions without you knowing it. With enough hard work, they can collect your passwords, your personal information and even gain access to your devices. Once they're in, you are in a lot of trouble.
Another culprit is a lack of strong security on your computer or laptop. Without Windows defender or a third-party equivalent running in strict mode, you may allow sneaky executables to run in the background. These can log keystrokes, spy on your browser, go through your cache, and much more.
Knowing the Neighborhood is Important
Your first line of defense as a user against password and identity theft is to ensure that you only enter passwords and personal information into websites with the proper security in place. 2FA logins are currently the safest way to log in. And second, never enter private information over public Wi-Fi. This warning goes for your phone too.
When using a business device, you should avoid lesser-known sites, such as aggregate sites, fan-based websites, and other nonprofessional web sites. If you want to purchase something on noncommercial websites, make sure the exchange is through a safe, insured, and secure environment.
Finally, while at work, stay off the dark web entirely.
What If I am Compromised?
If you are compromised, report it to your IT department or Managed Service Provider immediately. If possible, back-up your hard drives. Report your credit cards as stolen, and talk to your bank. Later on, if you see fraudulent transactions on your account, debit, or credit cards, contest them immediately.
Once you have your system backed up and running, go through all of your old accounts and change every password. You may also want to change your mobile phone number. Hackers can sell that information too.
In the end, identity theft and password theft are usually the user’s error in judgment. Most employees don’t learn proper security measures, and they’re too trusting. It is important to teach everyone in your office proper password hygiene and basic security protocol. They need to know the rules of safety on the internet, and not be trusting of unknown people they come in contact with.
Sadly, because of these threats, we do have to worry about security and privacy. Like any other innovation, the internet was a dangerous place upon arrival. It’s a game between hackers and our security forces. If you're smart, however, you can avoid these traps. Contact us today to ensure your data, passwords, and privacy are protected.