What should I do if my details have been compromised?
It is not uncommon to find out your personal details have been compromised in a previous security breach. The type of breach, the information leaked and the sort of service can all have an impact on what you should do, but these are some common steps that you should consider to protect yourself and your organisation:
- Change your passwords – your e-mail password is arguably the most important as if someone compromises your e-mail then it often allows access to all other services to which you subscribe.
- Do not use the same password for different services – a trustworthy password manager can help so that you do not need to remember a multitude of different passwords. If you have used the same password elsewhere, change those passwords too.
- Do not store your passwords on your computer – if your computer becomes compromised then the attacker has just gained access to all of your other passwords.
- Ideally use a trustworthy password manager and make sure it is one that encrypts your passwords. Always remember the encryption password – if you lose that then you lose all of your passwords in one go!
- Contact your bank as soon as possible if the security breach contains any debit or credit card information. If you are not sure then it pays to err on the side of caution.
- Always find contact details yourself. For example, if you receive an e-mail asking you to contact your bank, use the telephone number from their website rather than one contained in the e-mail. If the e-mail includes a link to their website then don't use it. Go to the website yourself to ensure you are not being duped into going to a rogue copy of the site elsewhere.
- Check your accounts for unusual transactions as soon as you are able, and if the bank cancels your cards, don’t forget you may need to update any subscriptions you have set up on that card with new payment details.
- Check your account details. If a service you use has been compromised then check your personal details when you log back in. Is your address still correct? Is your mobile phone number still correct? For various reasons hackers will sometimes change your personal details, for example to make it easy for them to get back into your account in the future, or so that they can order products and services which are delivered elsewhere.
Knowledge is key to success
If you are responsible for IT within an organisation then it is important that everyone who uses the computer system is Cyber Aware. You can have the best antivirus, junk mail protection and network firewalls available, but your biggest risk is still quite possibly untrained staff.
Consider implementing a package such as Conquest’s Final Defence to ensure your staff are properly trained and kept up to date.
Final Defence assesses your staff’s knowledge of best practices in a quick online test. It identifies any weak areas and quickly brings them up to standard by automatically delivering short 10-minute interactive online tutorials on any areas in which they may lack knowledge to keep your system safe.
For more information about Conquest Final Defence click here.
How do I choose secure passwords and keep them safe?
How do I choose a secure password and how often should I change it?
Previous thinking was that a secure password such as 8l6*g89Go9@Mi was better than a simpler one made up of one or more words you would find in the dictionary. However, opinion has recently shifted back again and the current recommended way of choosing a secure password is to pick three simple memorable words and mix in some symbols and numbers for good measure.
The honest truth is that there is no one rule that works for everyone. There is no doubt that in technical terms alone a random string of letters, numbers and symbols makes for a secure password, but this has to be balanced with other more human factors. If you pick passwords that you cannot remember and need to write down, or that you do not change frequently, this also causes a risk.
Our advice is to ensure you are making your passwords as secure as possible in a way that works for you.
If you are tech savvy, then the best method is to use a trustworthy password manager that stores all of your different passwords for you. Make sure they are all unique and, as the password manager is handling them for you, you can use very secure passwords consisting of long strings of random numbers, letters and symbols. Make sure the password you use to access your password manager is secure, and pick something you will remember, as that is the one password you will always need. Change your passwords for other services periodically – some password managers will actually do this for you, selecting a new random password, changing it with the service in question and updating the record in your password manager – all at the click of a button.
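The two approaches described above (a long random string as a password manager would generate it, and three words mixed with a symbol and numbers) can be compared as an added example that is not part of the original page. The word list, symbol set and 7776-word list size are assumptions chosen for illustration, and the entropy figures only hold when every element is picked by a secure random generator rather than by a person.

```python
import math
import secrets
import string

# Constructed sample word list; a real generator needs thousands of words.
SAMPLE_WORDS = ["apple", "river", "candle", "tiger", "marble", "window",
                "garden", "pencil", "rocket", "violin", "harbour", "lemon",
                "saddle", "thunder", "button", "meadow"]
SYMBOLS = "!@#$%&*?"  # assumed symbol set
ALPHABET = string.ascii_letters + string.digits + SYMBOLS  # 70 characters


def random_password(length=13):
    """Random string of the kind a password manager generates."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def three_word_password(words=SAMPLE_WORDS):
    """Three random words joined by one random symbol, plus two digits."""
    sep = secrets.choice(SYMBOLS)
    chosen = [secrets.choice(words).capitalize() for _ in range(3)]
    return sep.join(chosen) + f"{secrets.randbelow(100):02d}"


def random_entropy_bits(length, alphabet_size):
    """Bits of entropy in a uniformly random string."""
    return length * math.log2(alphabet_size)


def three_word_entropy_bits(word_list_size, symbol_count=len(SYMBOLS)):
    """Bits of entropy in the three-word scheme above."""
    return 3 * math.log2(word_list_size) + math.log2(symbol_count) + math.log2(100)


if __name__ == "__main__":
    print(random_password(), f"{random_entropy_bits(13, len(ALPHABET)):.1f} bits")
    print(three_word_password(),
          f"{three_word_entropy_bits(len(SAMPLE_WORDS)):.1f} bits (16-word sample list)")
    # 7776 is the size of a typical dice-based word list (assumption).
    print(f"three words from a 7776-word list: {three_word_entropy_bits(7776):.1f} bits")
```

The three-word form is weaker per character but easier to remember; its strength depends almost entirely on the size of the list the words are drawn from.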
If you are not going to use a password manager then pick a system which works for you. Your passwords need to be complex enough that they are secure, but balance that with your ability to remember them. Don’t store a list of your passwords on your computer and don’t use anything obvious like your dog’s name, your car registration or your daughter’s birthday. You still need to make sure that you do not use the same password across different services, but if this means you are going to have trouble remembering so many passwords then consider using a format of password that only you know, but that allows you to remember different passwords for each site. For example, at online shopping sites you could incorporate the name of your favourite product available at that site into a standard password to make it unique to that site. Most importantly, understand that by choosing not to use a password manager you are not selecting the most secure option, but that you are making the second best option as secure as you can.