2018 saw the continued trend of major data breaches, with big companies such as Facebook, Starwood (a subsidiary of Marriott International) and British Airways losing customer data to hackers and rogue agents. As a result of these wide-scale breaches, there has been a surge in “webcam blackmail” spam emails in which victims are presented with snippets of their own personal data, sometimes including old passwords. Victims are told that this information is proof their device has been hacked and is sending the blackmailer incriminating video footage of the user.
So what tips can you implement to improve personal cyber security? Firstly, the best defence against the above email and other phishing attacks (where a hacker tries to convince you that they are your bank, Netflix etc.) is to install a good quality commercial email spam filter - this should remove 99% of malicious emails as well as a fair chunk of sales rubbish. For the 1% that slip through, if in doubt, copy/paste a sentence or two into Google to see if others have reported it as genuine or fake. Never click on links you aren’t 100% sure come from a reliable source. Even if an email does come from someone you know, if it doesn’t sound like them, don’t click on it, as it could be someone impersonating them, a trick called ‘spoofing’.
This kind of common sense approach will prevent your devices from becoming the source of a data breach, but as mentioned above, quite often the leak comes from a third party company that you entrusted with your details when registering with them.
Being mindful that your sensitive personal data could be stolen, you can adjust your behaviour online. To prevent one breach of your password opening the floodgates to all your other online accounts, it’s important never to use the same password more than once. You can do this by using a ‘Password Manager’ such as LastPass or Dashlane. Products like these install as a plug-in to your favourite browser – when you log into or register with a secure site, the password manager offers to save your credentials, and when you return, it will offer to fill them back in again. Most importantly, it gives you the option to pick a random password when registering with a new site, which it will remember for you.
Of course, you have to set a ‘Master Password’ for your password manager, but this can be made more secure by using Two Factor Authentication such as your fingerprint, Google Authenticator or a restricted IP address. Entering a random password like ^Gt4%rgs&1 can be difficult on a smartphone, so most password managers have an app you can install which will handle logging into websites and apps on your phone for you.
Some password managers also include features such as Password Review tools which will scan your existing credentials for weak or duplicate passwords. They can also browse the Dark Web and security channels for notifications of data breaches and prompt you to change your password if a site you’re registered with has been hacked recently.
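The kind of check a Password Review tool performs can be sketched in a few lines. This is an added example, not code from any of the products named above; the CSV column names, the 12-character minimum and the three-character-class rule are assumptions, and the credentials are constructed sample data.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; real password managers use their own column layouts.
SAMPLE_EXPORT = """site,username,password
shop.example,alice@example.com,Summer2018
forum.example,alice@example.com,Summer2018
bank.example,alice@example.com,kV7#pw!Zr92$hTqe
news.example,alice+news@example.com,password
"""

MIN_LENGTH = 12   # assumed policy threshold
MIN_CLASSES = 3   # assumed: at least 3 of lower, upper, digit, symbol

def char_classes(password):
    """Count how many of the four character classes appear."""
    checks = (str.islower, str.isupper, str.isdigit,
              lambda c: not c.isalnum())
    return sum(any(check(c) for c in password) for check in checks)

def review(export_text):
    """Return (reused, weak): groups of sites sharing a password, and weak entries."""
    by_password = defaultdict(list)
    weak = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        site, password = row["site"], row["password"]
        by_password[password].append(site)
        reasons = []
        if len(password) < MIN_LENGTH:
            reasons.append("shorter than %d characters" % MIN_LENGTH)
        if char_classes(password) < MIN_CLASSES:
            reasons.append("fewer than %d character classes" % MIN_CLASSES)
        if reasons:
            weak[site] = reasons
    # Report only the site names, never the password itself.
    reused = sorted(sorted(sites) for sites in by_password.values()
                    if len(sites) > 1)
    return reused, weak

if __name__ == "__main__":
    reused, weak = review(SAMPLE_EXPORT)
    for sites in reused:
        print("Same password used on:", ", ".join(sites))
    for site, reasons in weak.items():
        print("Weak password on %s: %s" % (site, "; ".join(reasons)))
```

The reuse finding matters most here: one breached site in a reused group exposes every other site in that group.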
In conjunction with a Password Manager, we would suggest setting up a secondary email account or using a ‘Burner Emails’ extension. The first is simply an alternative free email account (Gmail or Outlook, for example) which you can use for signing up to websites you’re not 100% confident about. The second option is to use a ‘Burner Email’ plug-in, which can help you generate a unique email address for things like newsletters and will auto-forward messages on to your main account. If a website becomes too annoying with its newsletters, or you find lots of spam coming through one particular address, you can turn off the auto-forwarding and ditch that address forever. These plug-ins will typically include a burner email manager too, to help you keep track of your hundreds of unique addresses.
Finally, it’s worth considering what steps your workplace is taking to prevent data breaches. Spam filters, password managers and burner emails should also be used within the workplace, but because companies are more likely to be specifically targeted by hackers, they should take extra steps to protect their staff and customers. This can include issuing advice to staff on how to protect themselves when out and about, conducting regular vulnerability scans and installing a managed firewall.