Over the past two years, the UK government’s cyber security awareness campaign ‘Cyber Aware’ has tried to encourage behavioural change amongst internet users, to adopt simple, secure online habits to help protect themselves from cyber criminals looking to steal and use their personal data.
It’s messaging is designed to be uncomplicated, yet informative, ensuring that individuals and businesses alike can contextualise cyber-related crime in the same manner as more ‘traditional’ criminal activity such as fraud or theft, focusing in on tasks such as enhanced password security and software updates.
However, even if users follow these simple actions to help enhance their online security to the letter; is their personal data really safe?
With the advent of GDPR in May 2018, users might be thinking that their personal data is certainly safer from criminals than it was a little under 12 months ago; by virtue of it being stored on less databases, by less companies and in a more secure manner. This might have some truth to it, however, with the vast number of leaks businesses that store personal data have had over the last few years, user’s private information could have been lurking in a criminal database on the dark web for months before GDPR even came into force.
In January 2019, security researchers discovered the Collection 1-5 Database, which contains billions of usernames and passwords, circulating on the dark web. A large part of this stolen information has subsequently been made public across the internet, where it serves as the starting point for other illegal activities.
Once personal information is released on the net, (e.g. telephone number, date of birth or address), this can then be misused for malicious purposes, such as ‘credential stuffing’ attacks, which is an attempt to compromise online accounts using the personal information a hacker has available to them, it’s simple, but can be devastatingly effective.
(To see if your personal data may have been compromised, check here.)
However, it’s not all doom and gloom, under GDPR, companies that have security incidents involving customer data are now required to report breaches to regulators in a prompt manner. This wasn’t always the case, as evidenced by Facebook, who are facing scrutiny to determine whether or not they should have told users and regulators sooner. Last year we spoke about the information that Facebook really has on its users.
Passwords
The best thing users can do to be more secure online is to use strong, secure, unique passwords for all the platforms they operate on, in particular, the primary email account that’s associated with their online activity, such as the one used for online stores and subscriptions.
A sophisticated password is often made up of a combination of words, upper and lowercase letters, special characters and numbers. (And no, not ‘Pa55word!’).Instead of trying to remember multiple complex passwords, users can utilise handy password managers to help store the data securely. 1Password or LastPass are two reliable platforms that are user-friendly, and offer a range of personal, family and business options.
Two-factor authentication
Two-factor authentication provides an extra-layer of security to augment the unique and complex passwords, it means that user accounts can only be accessed on a device that has already been registered.However, sophisticated cyber criminals are now using stolen mobile phone numbers as means to bypass security checks to get users personal information.
Install the latest software and app updates
Cyber criminals use weaknesses in software and apps to attack devices and steal user identities. Software and app updates are designed to fix these weaknesses.
Software and app updates are often neglected by users as an unnecessary annoyance, but many applications subvert this by providing the option to choose to install at night whilst the user is asleep, when the device is plugged in or set to automatically update when connected to Wi-Fi.
The government led Cyber Aware campaign certainly has its merits, especially for the casual internet user, who isn’t intrinsically linked to Cyber Security practices through their work or personal interests. For others, such as the victims of cyber-based fraud or those who have had first hand experience of phishing scams, malware or ransomware attacks, then this will perhaps seem too-little too-late.
Send us your CV and have our recruiters match you to the ideal opportunities
Do you already have an account with us?
Log inWant to have an account with us?
RegisterWant to just send us your CV?
By submitting your registration and CV to us you are agreeing to join our database and to be contacted about relevant jobs industry communications. Please read our terms of business for more information.