With fraud and cyber offences now making up almost half of UK crimes, it comes as no surprise that the security of personal data and other sensitive information is increasingly becoming the concern of customers and businesses. Here, we’re giving 5 tips to help keep your details safe.
Enable two-factor authentication
Simple, and incredibly effective? Or time-consuming, and downright inconvenient? The jury is out on the practicality of two-factor authentication (2FA), a derivative of multi-factor authentication (MFA).
Whilst multi-factor authentication denotes a type of sign in system comprising of two or more ‘factors’ – eg. a password, a single-use 6-digit code, and a fingerprint to log in to one’s account – two-factor authentication typically includes the use of a password in principle, which in turn generates a special code sent to a mobile phone or by email.
This ensures there is a second level of identity verification in order to gain access to one’s account. Once the correct password is entered, and the user inputs the unique, randomly generated code, access to the account is then granted.
A remotely based hacker, who has managed to ascertain the password of an account, will be unable to breach the second factor of authentication because this requires access to a physical asset the real account owner is in possession of.
The most common second verification steps include: fingerprint, retina and face recognition, and unique codes sent to account holders by email and SMS.
Whilst the above is simplistic and infinitely improves the resistance of your account to hackers, inconvenience occurs when your account provider takes any length of delay in sending you the vital second-stage login code. What’s more, if codes are being sent to your mobile phone, logging into your emails would be dependant on the whereabouts of your mobile. Lost mobile – no account access. Some providers allow for a back up device to be set up, and this is thoroughly recommended.
Receiving a special code as secondary log on information when you, the real account holder, has in fact not attempted to log on serves as a notification that a hacker may have cracked your password. This feature allows you to be vigilant; notify your provider of the attempted breach and change your password as soon as possible.
Verdict: two-factor authentication – you’re worth it.
Never use public WIFI to transmit sensitive information
The existence of free public WIFI in a coffee shop, at the gym, or onboard a train can feel like Christmas has come early. Start reading some news articles, check the weather by all means, but beyond this, proceed with caution. Logging in, signing up and registering details of a sensitive nature can be perilous when connected to these free WIFI networks. Even checking your bank balance should be refrained from.
Public WIFI hotspots offer immense convenience and help halt the meltdown of your monthly data usage, but once put under the microscope their security features and capacity to shield your data from prying eyes may be surmountable.
First and foremost, there is no way to tell if the data you have sent has been encrypted. This means that potentially, the data you send can be made as public as the free hotspot you have just connected to. Equally as worrying, a recent trend has seen cybercriminals set up rogue networks, impersonating legitimate internet providers. An unsuspecting WIFI consumer would connect to this rogue network and have their sensitive information visible. Hackers also have access to software that allows them to snoop on WIFI signals and ascertain your login credentials for any platform you use during your browsing session. They can write special code that can exploit vulnerabilities in the operating software of the specific device you use.
The conclusive advice from security analysts and providers is to use a VPN to connect to a public network, in effect shielding your activity in a cloak of invisibility.
Use a password manager
How many accounts do you have to remember a specific password for? The average UK IT user would open more than 10 accounts across various platforms in any given year. Its easier to set the same password across multiple sites. Easier, but potentially fatal. Once a hacker knows a password to one of your accounts, this leaves the door wide open for them to take over your whole internet presence, and can lead to identity theft, financial loss and the consequences thereof.
Remembering a whole host of usernames and passwords is no small feat. Cue the solution, the password manager. Unique, strong passwords per individual site you use can be inputted on demand via password managers. All you need to do is remember your master password for the password manager and then you are in a much better position to defend your identity from a single password breach.
Never give away personal information over the phone
Most banks have this policy and are now, due to the increase in fraud and identity theft, advertising the fact that they will;
- Never ask for a pin
- Never ask you to send bank card details or cash
- Never authorise payments, or ask you to move your money to another place
- Never email you a link to enter details online.
If you’re unsure whether an email is authentic, check the recipient email address. They are usually easy to identify, however, call the company directly to verify, or visit their website without using the link provided.
Lie when setting up security questions
What’s your town of birth, what’s your mothers maiden name, what’s your fathers middle name?
These all too common security questions are for the most part quite easy to find out the answers to via a simple googling by a sophisticated cybercriminal. Answers to these questions provide the backbone for submitting a password reset request to your online accounts.