Why changing your password is never enough
It’s become more common than not in recent years to experience a security breach -- whether it’s your company records or your personal social media accounts, data on the web today is not as safe as it once was.
Often, people think that because their personal information is protected with a strong password, it’s enough to ward off hackers and cybercriminals. This, however, couldn’t be further from the truth. Let’s learn why.
If you’ve just been hacked, the typical response is to change your password on the affected site and continue on with your normal routine, hoping and thinking that the worst is over. In reality, however, this is just the beginning.
It’s typical for sites to request or require you to log in with your email address in place of a username -- meaning, now your email address and all other sites you use with that email address are vulnerable as well. And, once they’ve got your email address, cyber criminals will begin the next stage: phishing.
In simple terms, phishing is a technique used by cyber hackers to trick unsuspecting people into handing them sensitive information like usernames, passwords, banking information by pretending to be someone trustworthy. In recent years, phishing has moved from phone calls to emails, social media, and instant messaging. In phishing emails, cyber hackers might send links to websites infected with malware, or propose that users enter personal details into a fake website that looks realistic. And, once they’ve gotten a hold of sensitive information, they can use it commit identity theft, charge your credit cards, play with your bank accounts, read your email, and even lock you out of your own accounts. In a workplace environment, especially, phishing poses a serious threat, as cyber hackers can steal information that can affect an entire company -- bringing on major financial losses.
In addition, resetting your password to something stronger -- as many news sites will wrongly recommend -- doesn’t help if your entire computer has already been affected with malware. If your computer is infected, for example, cyber hackers would still be able to spy on you, follow your every move, and learn your new password.
Gmail, for example, asks you to reset your password each time it detects suspicious activity related to your account. This is a good first step, but be sure to read the fine print and use other tools to prevent and take care of malware.
What You Can Do
- If an email seems fishy (!), be wary of providing confidential information right away. There are several signs you can look out for to make sure you don’t fall for a phishing scam: unofficial "from" addresses (for example, if it’s similar but a bit different than a real email address), it says "urgent action required", a generic greeting that doesn’t use your name, or a link to a fake website. Plus, it might be smart to begin using secure messaging platforms to communicate instead, such as Nuro Secure Messaging in the workplace and Telegram for everyday communications. This way, links are scanned for malware before you have the chance to click on them. Not to mention, your messages are encrypted and safe from prying eyes as well.
- If you’ve been infected with malware, there are three things you should get: keystroke encryption, patch management, and anti-malware programs. And yes, you need all three to be completely safe. StrikeForce, for example, is a mobile security solution that offers a keystroke encrypted keyboard and browser, an encrypted password vault, and a one-time password generator for two-factor authentication.
In the end, education and preventative measures is key. It doesn’t help, despite how often news organizations might tell us otherwise, to simply change your password to something stronger once you’ve been hacked. Rather, there are several steps we must take to resolve these issues and defeat cyber criminals. Unfortunately, cybercrime and security breaches are only on the rise -- hopefully, in using the right tools, we will be able to curb the losses that come with it.
Omri Toppol is the CMO at LogDog. He is passionate about technology, digital marketing and helping online users to stay safe and secure.