A data breach notification is a dreadful thing to receive. You will be notified by email that one of your online accounts has been breached. This could be from any website you have signed up to in the past to request information about products or services. Putting measures in place to prevent a data breach is key to complying with GDPR.
Who hackers focus on
Surprisingly, hackers tend to concentrate on companies, as opposed to individuals' personal data. This is because companies have thousands of people who have signed up to receive information about their products or services, so hackers can get as much data as possible. They start by collecting data at scale, then sell this data on, making money from as many additional sources as possible.*
Where hackers target
It all starts with your password. As we have just mentioned, data is valuable to hackers as they can quite simply turn your information into cash. The sort of information they are looking for is banking information, PIN numbers and government-issued ID numbers, giving them the opportunity to steal both your identity and your money. They will also try to access other online accounts with your username (which tends to be your email address) and the password they now hold.
The other thing to note is that hackers do not care about the money in your actual bank account. Through identity theft, rather than monetary theft, they can open new credit cards, apply for loans in your name, and target family and friends through your email account. Put simply, one exposed password can unlock more accounts than you could ever have imagined.
What exactly is a breach?
A breach is when cyber criminals steal, copy or expose personal information from online accounts. It happens when hackers find a weak spot in website security. The time between the breach being found and you being notified can be days, weeks, months or even years.
What to do if you have been hacked
The first thing you need to do is revisit the website where your data has been compromised, and try to log in. Expect to be locked out of your account as the hacker will have changed your password. After you see the ‘not recognised’ notice pop up, click on the ‘Forgot Password’ link and follow the instructions to reset your password.
How to create a secure password
When you are creating a new password following this breach, do not reuse any others that you may have, or add another number to your existing password. Here are some of the worst passwords of 2018, to give you a clue on what NOT to change it to!
Here are some top tips on creating a secure password:
- Combine three or more unrelated words, and change letters to numbers or special characters
- Make your password at least 12 characters long (the ideal is between 15 and 20)
- Use a combination of upper and lower-case letters, numbers and symbols
- Include unusual words only you would know
- Spread various numbers and characters throughout your password
- Create unique and complex passwords for every site
- Use an extra layer of security with two-factor authentication (2FA)
Many websites now offer two-factor authentication (2FA), also known as multi-factor authentication. As well as requiring your username and password to log in, 2FA requires another piece of information to verify yourself. So even if someone has your password, they will be unable to log in. We recommend setting this up on any website that gives you the option.
On average, we all have around 90 to 100 accounts online, which is a lot of passwords to remember! Password managers such as LastPass and Dashlane are a great way of securely storing all of your passwords in one place. They also have secure password generators to help you come up with new passwords for each website you log in to. Their mobile phone apps make it easy to log in to your favourite sites on the go too, helping you to stay safe on your smartphone.
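The password tips above can be expressed as a small generator and checker. The Python below is an added example, not part of the original article: the function names, the symbol set and the word list are assumptions, and the word list is a constructed sample that is far too small for real use.

```python
import secrets
import string

# Constructed sample word list for illustration only (assumption): a real
# generator should draw from a list of several thousand unrelated words.
WORDS = ["lantern", "orbit", "walnut", "glacier", "pepper", "anchor",
         "violin", "meadow", "copper", "tunnel", "badger", "summit"]
SYMBOLS = "!@#$%^&*-_=+?"


def check_password(password, previous=()):
    """Return the tips from the list above that this password fails."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        problems.append("needs both upper and lower-case letters")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(c in string.punctuation for c in password):
        problems.append("needs a symbol")
    for old in previous:
        # Catches plain reuse and "old password plus another number".
        if old and password.lower().startswith(old.lower()):
            problems.append("reuses or extends an existing password")
            break
    return problems


def generate_passphrase(n_words=3, rng=secrets.SystemRandom()):
    """Join three or more random words, spreading digits and symbols between them."""
    if n_words < 3:
        raise ValueError("use at least three words")
    parts = []
    for word in rng.sample(WORDS, n_words):  # distinct words, OS randomness
        i = rng.randrange(len(word))
        # Capitalise one random letter instead of always the first.
        parts.append(word[:i] + word[i].upper() + word[i + 1:])
        parts.append(rng.choice(string.digits) + rng.choice(SYMBOLS))
    return "".join(parts)


if __name__ == "__main__":
    candidate = generate_passphrase()
    print(candidate, check_password(candidate))
```

The checker only tests the rules listed above; passing it does not show that a password has not already appeared in a breach.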
Breaches do happen
One thing to remember is that breaches do happen. Even some of these password managers can be hacked, so if you can create your own unique way of creating and remembering passwords, that is best. Three random words, substituting various characters with non-alphanumeric ones, is just one example.
Whichever option or combination you choose, make sure you create a strong password. You can check the strength of your password here – https://howsecureismypassword.net/
InfoLore are available to offer support on your journey to GDPR Compliance and have a GDPR crisis management team here to help you. If you like our articles / blogs and would like to be kept up to date with GDPR and cyber security, please sign up to our newsletters. We promise not to send more than one a month, and only if we have sufficient information to impart.
*If you wish to know more about the actions hackers take with your stolen data, read this article.