We’ve been warned to protect our online credentials and, the reality is, the majority of us follow the advice. We’ve installed firewalls, got some anti-virus software, never follow links in emails or open attachments from someone we don’t know or trust. Sorry to burst your bubble but it isn’t you that’s been hacked. It’s your information stored by the companies you trust that’s been compromised.
Since the start of this year, globally, there have been 365 data loss incidents involving 126,727,474 records. According to research by analyst house, Juniper Research, 90% of organisations have suffered data breaches in one form or another over the past 12 months. Testament to this is the number of household brands that have inadvertently divulged the information of hundreds of individuals:
– Epsilon’s mailing lists were breached which affected, amongst others, a number of UK brands including Marks & Spencer and Mothercare
– Personal information belonging to 34,000 investment clients of Morgan Stanley Smith Barney was lost, possibly stolen, in a data breach
– Sony PlayStation had its systems hacked, with the personal information of 77 million gamers accessed
– Numerous incidents by the NHS, which holds millions of sensitive personal information records for almost every individual in the country
– RSA experienced a breach that has jeopardised the security of hundreds of users of its physical two factor authentication tokens
– Travelodge is still holding its cards very close to its chest but it has confirmed that the email addresses of some of its customers have been sent spam messages.
We conservatively estimate that the average family’s personal information has been breached 10 times since June.
Organisations ask you to trust them to store your information. They even provide a box for you to tick to show that you don’t want your details shared with ‘interested third parties’. And, with the best will in the world, they don’t intend to spill their databases into the black market. However, the stark reality is that all too often someone’s lax security controls allow a malicious person to gain entry to your personal records.
Too Little Too Late
Each time an organisation is breached we see them desperately trying to reassure customers that it’s all going to be okay. For example, Travelodge was at great pains to inform its customers that it hadn’t made any money by selling its customers’ email addresses and that their financial information had not been affected.
What organisations fail to grasp is that, each time your record is breached, organised cyber criminals are piecing together bits of information about you, your habits and those of your family, which together create a complete picture.
There will be some that argue – what can be done with an email address? Well, a criminal could spoof you into responding to a phishing email purporting to be from the bank you use or the agency you trade with. If they have some further details about you, for example date of birth, children’s names etc., they may be able to ‘guess’ your password and access your trading account. Some of you may even recall, back in 2008, when Jeremy Clarkson printed his bank account details in his column in The Sun, believing there was little criminals could do with the information other than put money into his account. A £500 direct debit in favour of Diabetes UK proved the point nicely.
Take Back Control
You can’t personally go into every organisation and ask them how they protect your information. That said, perhaps if more people were willing to challenge organisations about their security strategy before doing business, companies might do more to protect your information.
Here is a list of things you can do to prevent cyber-criminals capitalising on your personal information:
– Put a lock on the door by installing a firewall and make sure it is properly configured and up to date
– Keep your operating system and browser patched and up to date
– Install an alarm by using industry standard anti-virus software and make sure you install any updates. Malware infecting your computer can be an avenue for hackers to gain access to your personal data.
– Restrict key holders by not sharing your password with anyone. PCs allow you to create user accounts for a reason!
– Change your password regularly and make it hard to crack – but one you can remember without writing it on a Post-it note and sticking it to the screen!
– If you change your PC make sure you get the hard drive scrubbed. It’s amazing what criminals can pick up on eBay.
– Be careful about the personal information you divulge when filling in registration forms. Ask yourself whether the organisation really needs that much information about you and, as importantly, can you trust them to keep it safe?
– Be careful what you tell strangers on social websites, forums and in chat rooms.
– Question the validity of emails you receive and never click on an embedded link or download attachments if you’re at all suspicious.
Trading is a risky business but, with thorough research, you know what you’re exposing yourself to. By fully understanding the risks other organisations’ lax security practices have exposed you to, you can protect your investment by protecting what you do virtually.