Apparently, October each year is designated CyberSecurity Month. Did you know? Do you care? I found out about it in 2020, but apparently its roots go back to 2004. It is a global initiative to raise aware about all things Cyber Security.
Let’s be clear, I am not an expert in Cybersecurity. However, I do like to think I have a good amount of common sense though and so here are my ramblings about Cybersecurity.
There aren’t many in this country who don’t access innumerable accounts online. With those online accounts come usernames and passwords. And of course, when we set up our first account, we used a password that we think we will remember and that nobody else will guess.
We chose a name of a pet or child. But then as people started to hack accounts, the requirements for the password meant it had to have a minimum number of characters, uppercase, lower case, numbers and other characters and before we know it, we have so many variations of the same password that we just don’t remember what they are. Additionally, we have had to add in other information such as our first pet and the old favourite “Mother’s maiden name” – I invented one so none of you will guess it!!
Because it got so complicated, our next step was to put them all onto a spreadsheet or word document. The problem with that is that if somebody hacks into your device, they can see all of your passwords. And now so many of these accounts are asking for 2FA (2 factor authentication) or MFA (multi factor authentication), so you have to either have an app or receive a text message to get into your account, making things more awkward still.
The banks are now instigating this for online payments adding to people’s frustrations, especially if you don’t have a smartphone with a signal to receive that all important texted code.
It’s a right pain in the neck, but it is there to protect us, because there are so many people that just don’t take security seriously. For example,
- do you check your bank account(s) and credit card account(s) daily. That takes just a few minutes, especially if you have an app on your phone. Quickly check the transactions yesterday and today. (I say yesterday and today because it is possible something went through after you checked it yesterday).
- People don’t use difficult to remember passwords
- they don’t think it is their responsibility to protect their data. If things get hacked, then it is somebody else’s fault.
Maybe it is, but in the meantime your bank account loses hundreds or thousands of pounds, your credit rating goes through the floor, and you spend hours trying to resolve the matter, not to mention the stress of it all. We all have a responsibility.
Admittedly, for a long time I used a variation on two or three passwords. Then when things got too complicated, I saved them onto a spreadsheet (password protected). I was concerned about people accessing the data via my computer, so I put the spreadsheet onto a pen-drive and hid the pen-drive. I printed out the spreadsheet & hid the spreadsheet. I would fish out the spreadsheet when I needed to remember a password. When I got new accounts and passwords or changed a password I wrote on the spreadsheet and then when the spreadsheet started to get a bit messy, I would amend the electronic file on the pen drive and print out a fresh one. All very analogue, but actually the chances of a cyber-criminal entering your home and finding a hidden piece of paper is more remote than them hacking into it on your computer. It was just a bit inconvenient when you want to access the login details for a particular account!
And before you say they can’t hack into my computer – I am more savvy than to let a cold caller access my Windows computer (how many of those calls have you had?), are you sure somebody is not outside your house hacking into your router right now? When was the last time you changed the password on that? Do you know how to? Did you even know you could?
And the hackers are becoming more sophisticated. You cannot be too careful. Sometimes an organisation will ring you legitimately and ask you to confirm your details (usually your name, address and date of birth) for security purposes. Those are in the public domain but if they start to ask more specific questions, I won’t reply. How can I be sure they are who they say they are? If it really is legitimate, they will understand your point of view and give you the details of who is calling and then offer you the opportunity to call back and give you a number. You can then search that number on the internet before calling it to make sure it is legitimate. Don’t call straight back either. Or if you do, use a different telephone number. If you can’t use a different phone line, call a friend or family member to ensure the person at the other end has genuinely cut the line.
Don’t be scared by some of the tactics either. HMRC will never have a warrant out for your arrest, without you at least being aware there is an issue. For all their faults they don’t operate like that. In fact, HMRC even now if they think you owe money, they will write to you by good old fashioned snail mail.
If we use the internet for anything, we are vulnerable.
A recent post on Social Media was “Only people for whom the last three digits of their phone number is less than 800 will get into heaven”. Sounds very innocuous and just really rather silly. But think about it. It gives potential hackers some very important information if you reply with the last 3 digits of your phone number, as so many people in that particular post. We each have a responsibility to ourselves to reduce that vulnerability. Social Media is like a goldmine to criminals because we let down our defences and share all sorts of things on there, without thinking that there could be consquences.
For a long time, having heard about Password Managers, I was concerned that they might be subject to hacking themselves. 18 months ago, I finally signed up to one of them and it was the best thing I could have done. I have an impossible to guess, unique password for all of my accounts. All I need to do is remember one password. That’s easy because it is one that means something to me but cannot be guessed by anyone else. I also change it from time to time, and it will be influenced by things in my life.
If any of the organisations for which I have an account held within the manager is hacked, I get a notification to warn me and that enables me to change the password quickly. The system will generate a secure password, whenever I want one. If I don’t have the account in my manager when I log on or when I create it, it will ask me if I want to add it. I have the manager across all devices so it doesn’t matter where I am logging in from, I can access my passwords, and if there is the odd password that I need to share, I can do that securely too. Running a business means some accounts only have one login and that password needs sharing.
- Managing my passwords has become easy.
- Accessing my passwords is easy
- All of my passwords are unique
- All of my passwords are impossible to guess
- My password manager allows me to store other sensitive data too, such as details of my bank accounts & driving licence. And they are with me wherever I go.
And of course having a unique password for each and every account (over 100 to date), means that if any of the organisations for whom I have an account, suffers a data breach, the hackers only have one password for that one account which I can quickly change. They can’t use it with my e-mail address to access any other account and neither do I need to spend time changing all the other accounts with the same password because there isn’t one!
If you have resisted making things more difficult for criminals, because it would then just make things too difficult for you, think again. I was pleasantly surprised.
Remember, alwaystake Cyber Security Seriously. You are responsible for keeping your personal information private information private.