Christmas is almost us upon us! Unfortunately, at this time of year there is a heightened risk of cyber-attacks due to among other things an increase in email traffic marketing Christmas gift ideas and then post-Christmas sales. This presents an increased risk of phishing attacks.
Step 1 – Password Management:
Change your password. Now, right now. Please. Yes, it’s a faff; yes, you will need to think of a new password and then remember it. Yes, you could do it tomorrow, but you won’t. Do it right now. NOW!
There are millions of emails and passwords for sale on the Dark Web that have been breached by companies that have not protected your personal data sufficiently. Cyber criminals can buy this data for pence/cents and use a computer algorithm to test the email / password combination against web facing email portals – think: Hotmail, Gmail, Microsoft 365 etc – to gain access to your emails. They will look for social media accounts and online high-street accounts and then test your email password combination to gain access. From this they can gather more personal data until they may have enough to take out credit in your name or use your saved payment cards to make online purchases.
Changing your password associated with each of your email addresses is the single greatest defence you can make to protect yourself against a cyber-attack and will instantly make yourself, your family and your business safer.
Step 2 – Personal Data Breach Identification:
Next it is a good idea to understand whether your data has actually been breached so you can put in place other measures to protect yourself. First let’s understand the problem. To do this you can use a free service provided by haveibeenpwned.com (HIBP). To put your mind at ease, the site is run by ethical hackers. What is that? Think of hackers in terms of angels and demons. Demon hackers are criminals and naught boys and girls. They are not on Santa’s list. Angel hackers are those with the same skill set as demon hackers, but with decency, morals and integrity and are good boys and girls. They are on Santa’s list. Angel hackers use their skills to protect mankind. Legends!
Anyway, enter all your email addresses one at a time into the search function. HIBP will then tell you whether the email is associated with a breach and if so, what other data has been breached.
Oh no, you’ve been breached. What now? Well because you have already changed your password you have broken the chain and are already safer. What we now need to understand is whether you have been entered into any spambots. Spambots as the name suggests are bots that send spam to you. Some spam is laughable, other spam is highly credible. The problem is that if you are tired, rushing, distracted and/or hungover and unthinkingly click a link in a spam email, you could have executed malware or ransomware on your device. Remember, the cyber-criminal only needs to be lucky once, you have to be lucky every time.
So, what to do about it, unfortunately the only way to rectify and avoid your exposure to spam and thus the chances of clicking on a malicious link is by changing your email address. This is best done by transitioning emails address information on websites over a period of time.
Cue you: “What!!! You are kidding right? I have had this email for a gazillion years. My world will cease to function if I have to change it. You have no idea. No, frankly it’s impossible, inconceivable. I won’t do it… That’s final.”
Don’t be a victim, do the right thing and protect yourself.
Step 3 – Check your Anti-Virus:
Make sure your Anti-Virus is installed, activated with a valid licence and updated. Remember, in life you get what you pay for. While there is free anti-virus available it will not protect you sufficiently. Competition to provide the best anti-virus changes year on year between the main vendors, as they achieve technology breakthroughs in response to the evolution in cyber threats. The best thing to do is check a site like www.techradar.com or www.pcmag.com for reviews of the best current anti-virus. There are always new customer deals. We recommend buying a one-year licence, and then when it comes to renew assess which company has moved to the forefront of anti-malware protection. There will always be new customer deals to be had.
Michael Wills is co-founder and chief data officer for CSS Platinum.