While not everyone takes it seriously, most companies, and some individuals, have made it a priority to keep their passwords, personal information, financial details, and other sensitive data safe and secure. And understandably so, as a data breach can lead to significant issues and can come at a huge cost for any business.
Yet the need for businesses and individuals to adhere to data protection advice, and to adopt foolproof methods for keeping sensitive information safe and protected, is increasingly important. As hackers are becoming continuously more sophisticated and efficient in their practices (as revealed in the Verizon 2020 Data Breach Investigation Report), following best practices for protecting this information should be your top priority in any data protection policy.
Keeping Your Data Safe
There is an enormous amount of information out there about safeguarding personal and other sensitive information like passwords from cyber threats. Unfortunately, this information is so voluminous that some users, especially those who are not tech-savvy, may easily get confused about how to apply it effectively. Hence, we have taken the time to highlight the best practices for keeping your data safe through the use of the right passwords and the adequate protection of those passwords.
Use Only Unique Passwords
The use of a unique password for every account is vital to eliminate the risk that comes from using a password that has previously been exposed in a data breach. Although password reuse is a common practice among internet users, mostly because of the ease it provides, it is dangerously risky. Sadly, not many people are aware of the dangers this practice poses, such as the exposure of accounts to hacking. One of the potential impacts of password reuse is a credential stuffing attack, in which known pairs of email addresses (used as usernames) and their corresponding passwords are fed into automated login attempts against systems.
Adopt The Use Of a Sophisticated Password
The ever-improving efficiency of cybercriminals makes it appropriate and timely for businesses and internet users to replace regular passwords with more sophisticated "passwordless" authentication. Now that even the strongest passwords are under threat, as online hackers can detect and exploit them quite easily through phishing, passwordless authentication systems are gradually becoming the preferred approach for every business or consumer with computer network access in place, as a way to reduce the incidence of data breaches.
Implement Multi-Factor Authentication (MFA)
Data threats come in many forms, but credential theft ranks highly considering the overwhelming dangers of having your personal information in the hands of cybercriminals who can perpetrate financial theft and other crimes with your identity. Internet users' credentials can be stolen either directly through phishing or by hacking into customer databases of businesses. However, credential theft can be reduced or curbed through the use of Multi-factor Authentication (MFA), which is a system that helps to verify a user's identity by requiring multiple methods of authentication. In this case, in addition to the usual username and password combination, a user must have another identifier before access to a resource can be given. This identifier could be a one-time code usually from a text message, a time-based code on an app, or a biometric test like a fingerprint or facial recognition. Therefore, it becomes critical to implement MFA on as many sites as possible to block any attacks that could lead to account(s) compromise.
Have I been pwned
A great tool, managed by a security expert living on our own Gold Coast, is "Have I been pwned". I won't go into the explanation of its unusual name, but you can find that online pretty easily if you're interested. The tool is widely known and respected among the IT community the world over. Generally, typing your password into any website like this would be discouraged, but this site can be trusted for this.
There are two main facilities this site provides. The first allows you to type in your email address, which is then searched against their records to see if that address appears in the databases of previous breaches. If it appears, the site will tell you which breach (or breaches) it appeared in. If you haven't updated your password since that breach, it is likely that the password is out there too. Update that password.
The second facility is much the same, but you type in one of your passwords instead. This will then check against the over half-billion real passwords that have been exposed in breaches. Again, it's best not to use any of these passwords.
If you want to discuss your security measures further, please reach out to your Client Services Manager.