Cyber security breaches were a regular occurrence in 2015.
The TalkTalk hack and Wetherspoons leak exposed a lack of expertise at UK companies and poor cyber skills in the workforce. But customers faced the greatest threat after many had their personal details exposed.
The TalkTalk attack exposed 21,000 customers’ details to fraud, while names and addresses of 1.2 million were affected. Some people have described hundreds of pounds disappearing from their accounts.
In December, Wetherspoons, the UK pub chain, said that 650,000 people might have had their personal details leaked, and that the card details of 100 people had been compromised.
Hacking can happen to anyone, but there are some careless mistakes that put you at greater risk of having details stolen or exposed.
Martin Borrett, IBM distinguished engineer and CTO at IBM security Europe, advises senior level managers on how to tackle cyber threats. Borrett told the Independent five simple ways to limit your exposure online.
1. Use complex passwords
People use easy to guess and similar passwords for the simple reason that they have too many and they can be hard to remember. But it is still one of the biggest security mistakes you can make, according to Borrett.
Organisations and businesses still leave default administrator account on systems – where the user is “administrator” and the password “1234”, making the hacker’s job easier.
“This is the enemy of security. There were several attacks in 2016 where someone accessed the server and went from one server to another to the crown jewels exploiting this lack of basic hygiene. This is a very obvious thing and it still happens, we should know better,” Borrett said.
An ideal password needs to be hard to guess. It should be long, have capitals, special characters and it should not be related to something someone might know about you (e.g: date of birth), Borrett said.
2. Do not click on email links or attachments you do not recognise
Malware – a malicious piece of code – could get on your machine when you open an attachment or link. Clicking on unknown links may lead to “phishing” sites that harvest usernames and passwords.
Pay attention to suspect emails as more and more hackers are getting sophisticated in the way they write them. It may be easy to avoid the email which claims you have won £10 million in the lottery. But it might get trickier to spot spam if you are recruiting potential candidates for a job or trying to sell something on eBay.
Borrett says awareness is growing but the IT landscape is continuing to change, which is why people need to be more vigilant.
“You’ve got more mobility, more use of Cloud and new technology innovation coming. That changes the landscape and it is something we have to pay attention to,” he said.
3. Avoid clicking on pop-up windows
If we are generally aware about suspicious attachments, we might not think that closing a pop-up window might make us vulnerable to hacking.
“When you are shopping online for instance, and get an add pop up, clicking and closing on one of those might actually install a malicious piece of code on your machine,” Borrett said.
These kind of attack could expose you to ransomwear – a specific type of malicious code that hold you to ransom.
Once the piece of code gets on your device or machine, it encrypts all of your data and you can unlock it unless you give this organisation a $100, the expert explained.
4. Check URLs
Hackers can harvest usernames and password using fake webpages designed to look like the ones you use, such as your bank or your Facebook account.
“You put your username and password in and in real-time while you are doing that, they are doing the same on your banking page. They are not storing it for later but robbing you real time,” Borret warned.
5. Install a piece of anti-virus software or web application firewall
It is important to have a piece of security code on your machine, according to the expert.
Most antivirus software automatically downloads updates on existing viruses and updates on new threats.
“It’s hard to survive without current up to date anti-virus software on your machine. You can’t be an expert on all of these sites, you need some protection. This would be like wearing a seat belt in your car,” Borrett said.