Ever had your on-line identity stolen? The answer is most probably yes.
Everyday we join millions of others on-line to socialise, get informed, shop and work. At the same time we leave a trail of information about our identity – who we are, who we know and what we are interested in. It’s also now almost impossible not to use the internet to buy products and services, access our bank accounts and see our latest utility bills.
Cyber security continues to be a confusing world with experts recommending multiple passwords (changed at regular intervals), fake birth dates and multiple factor authentication. Each website can have quite different way of securing your data which can be incredibly confusing if we only visit that website once in a blue moon.
When we help manage websites at work for the company we work for it becomes doubly important as the repercussions of slack website security could effect not just ourselves but our work.
On the other side of the coin, logging on to the thousand and one different websites we visit to buy, sell, edit, converse or contribute to is getting to be a real drag with all the different usernames and complicated passwords of digits and symbols to remember. And, unless we’ve synched our multitude of devices properly, we also need to figure out which device we used last time we visited a site so we can retrieve the saved password.
So, why bother? And is it really as bad as the articles on-line suggest?
A recent article by Rowland Manthorpe, Sky’s Technical Correspondent, did a brilliant job of summing up the issue. He introduces his article about online security with the following…
Are your online accounts secure? It’s a trick question — they’re not. There’s a catchphrase in cybersecurity: “There are only two types of companies — those that know they’ve been compromised, and those that don’t.” The same goes for every one of us.
The list of companies who have had the details of their customers stolen includes some huge players – with the chances that in the past your personal information has been taken. The list includes Adobe, Domino’s, Drop Box, LinkedIn, SnapChat, Sony and many more.
So what do we do?
The website Have I Been Pwned? (https://haveibeenpwned.com) can tell you if your details have been compromised in one of the many high profile hacks of company’s personal data. It can also tell you if a password has been previously been collected by hackers making it more risky to use.
In the context of the workplace (and specifically looking after a company website) we would recommend thinking through a ‘what if’ scenario and making sure there’s a process for situations like a website being hacked going off-line. It would probably need to include answers to questions like who is responsible internally and externally for restoring the website? Is there a back up? What happens if it all happens when everyone is on leave on the 24th December? In many situations the knowledge to answer all the questions is with a very small group if not just one person. Having the process documented with all the relevant contact e-mails/numbers means you’re far less likely to be caught out.
We also think it a good idea to review what security you currently have in place and ask the question ‘What else could we do?’ to make sure options to increase security are considered going forwards.
We give advice to all our clients about our approach to cyber security and what people can do to make their website safer. You can contact us to find out more.
You can also read the article “You’ve already been hacked – so has everyone else” at https://news.sky.com/story/sky-views-youve-already-been-hacked-so-has-everyone-else-11843383)