As we reported in our most recent Digital Marketing Saturday Social (issue 10), LinkedIn suffered an attack last week in which more than six and a half million user passwords were stolen from the professional networking site. However, LinkedIn are far from the only high-profile company that this has happened to recently, with eHarmony also confirming a hack last week that was linked (no pun intended) to the hack on the world’s favourite professional social network.
It seems that many people who use eHarmony somewhat daftly use the word ‘harmony’ in their password for the site, and they also used the same password on LinkedIn. Of course, we all know this, yet even the most security conscious of us probably use the same password for a number of sites.
This is the worst thing that you can do, as many of us already know, but the problem is that so many people now have accounts on so many different websites that we’re all guilty of failing to think up and remember potentially hundreds of passwords. It’s more than just a tall order; you’d have to have a memory resembling that of an elephant if you’re anything like me.
The problem is not only that people use the same password for many sites, though; the reason cybercriminals are so often able to crack them is that they are weak. Passwords should use a combination of lower and upper case letters, punctuation marks such as underscores, dashes and even exclamation marks, and numbers.
At the back end of last year, SplashData revealed the top 25 worst passwords of 2011 – and they really are just silly:
I mean, come on, ‘password’ as a password? We really hope you don’t use that for online banking, dear reader, as cybercriminals intent on parting you from your cash really won’t have to try very hard.
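As an added illustration of the advice above (example code, not from the original post), here is a small Python policy check that applies the mixed-character rule, rejects entries from a constructed stand-in for the SplashData list, and catches the eHarmony case of building a password around the site’s own name. The 12-character minimum and the contents of the blocklist are assumptions, not figures from the post.

```python
import re

# Constructed stand-in for the SplashData "worst passwords" list the post
# mentions; only 'password' itself is taken from the post.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "abc123"}

# Common letter-for-symbol swaps, undone before the list and site-name checks
# so that "P@ssw0rd" is still recognised as "password".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "@": "a", "$": "s", "!": "i"})

CHARACTER_CLASSES = {
    "lowercase": re.compile(r"[a-z]"),
    "uppercase": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "punctuation": re.compile(r"[^A-Za-z0-9]"),
}

def site_fragments(site_name, width=5):
    """Lowercase letter-only windows of the site name, e.g. 'eHarmony' ->
    {'eharm', 'harmo', 'armon', 'rmony'}, so 'harmony' in a password is caught."""
    letters = re.sub(r"[^a-z]", "", site_name.lower())
    return {letters[i:i + width] for i in range(len(letters) - width + 1)}

def check_password(password, site_name, min_length=12):
    """Return the list of policy failures for a candidate (empty list = accepted)."""
    reasons = []
    if len(password) < min_length:  # assumed minimum; the post gives no figure
        reasons.append(f"shorter than {min_length} characters")
    missing = [name for name, pattern in CHARACTER_CLASSES.items()
               if not pattern.search(password)]
    if missing:
        reasons.append("missing character classes: " + ", ".join(missing))
    normalised = password.lower().translate(LEET)
    if normalised in COMMON_PASSWORDS:
        reasons.append("appears on a common-password list")
    if any(fragment in normalised for fragment in site_fragments(site_name)):
        reasons.append("contains a fragment of the site name")
    return reasons

if __name__ == "__main__":
    for candidate, site in [("password", "LinkedIn"), ("Harmony2012!", "eHarmony"),
                            ("P@ssw0rd", "LinkedIn"), ("correct-Horse7battery!", "LinkedIn")]:
        print(f"{candidate!r} on {site}: {check_password(candidate, site) or 'accepted'}")
```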
For SMEs, who don’t have the resources to employ IT departments to oversee chosen passwords, there are a number of password-generating software options available, such as Symantec’s PC Tools secure password generator, which is a snip at just less than 20 quid. Still, much of this is little more than common sense, and it’s the big boys who tend to be targeted, whether for financial, industrial or international espionage or just plain tomfoolery; that said, the majority of hacking is carried out with financial gain firmly in mind.
With cyber-espionage now becoming more high profile in the media and the threat of ‘cyber-war’ becoming more real by the day, it’s really time that people began paying more attention to the security of PCs, databases and social media, and to email phishing, and wised up to the problem. A lot of the time, cyber threats can be avoided by just not clicking on that silly photo on Facebook, by ensuring that passwords are complex and unique to every site and by making sure that there are layers of security software in place, involving anti-virus, anti-spyware, link-scanners and a firewall.
It’s time to wise up, in other words – I’ve had so many people say to me that they’ve reposted some rubbish on Facebook as they don’t have the time to Google something to see if it’s genuine … really? They seem to have the time to copy and paste, though, huh?
For companies of course, it’s a little more complex than that as they have little control over some of their employee activity which might present a threat. However, a good rule of thumb for most companies would be not to keep an electronic record of your customer details unless it’s backed up by very good security and complies with government and EU privacy regulations.
For example, is there really any need to keep credit card details on a database unless you deal with recurring, monthly payments? It’s also a good idea to fully train staff on the dangers of malicious links, social networks, email attachments and phishing attacks. Not everyone, in fact very few employees, has a clear idea of what they can and can’t do at work, as not many SMEs seem to have strong policies in place; this has been made even more of an issue since the introduction of BYOD schemes.
Cybercrime, in all its forms, is a lucrative business which doesn’t just steal from big companies who ‘can afford it’; it affects us all. If not in terms of cash, then of inconvenience; if not in those terms, then in the threat to critical national infrastructure – imagine if Anonymous had been able to take out the entire internet as they threatened a couple of months ago. It’s all very real, and although they may not have managed it, it’s known to be potentially doable, and then you start to think about all the things that now rely on the internet and technology throughout the world… emergency services, national power grids and so on.
So guys, get those passwords secure and start ignoring sensationalist posts on Facebook – that’s a start towards making sure our data, cash and country are as secure as they can be. After all, the cybercrime underworld is now worth much more than the drug trade in terms of how much cash it generates.