There’s no doubt that over the last year, we’ve seen a marked increase in the number of cyber attacks, data breaches, phishing scams and large-scale hacking attacks.
We tend to think that it’s just the big corporations that are getting hit, but every one of us is a potential target and we all have valuable information that hackers want to get their hands on.
The easiest way they can gain access to this valuable data is by hacking our email accounts. There are over 6.69 billion email accounts throughout the world and unfortunately 1 in 4 of these accounts will be hacked.
The simple reason is that each account contains huge quantities of data that can be monetised or used to commit identity fraud. Our email accounts will typically contain personal photos, invoices, receipts, addresses, contacts, itineraries, banking details and often reset passwords for other accounts. Everything hackers need to cash in and make a profit.
Our accounts can be compromised in a number of ways, but the most frequently used methods are through phishing emails, exploiting flaws in software and guessing passwords. Over 60% of people use the same password for all their accounts so if hackers can gain access to one, they can potentially break into them all.
Despite the increasing persistence of hackers, there are several steps we can take to prevent our emails getting hacked.
1. Consider the use of a Password Manager
It can be a daunting task trying to remember so many passwords for all our online accounts, but a password manager provides a centralised and encrypted location that will keep a record of all these passwords safe.
Password managers store login details for all the websites that you use and logs you in automatically each time you return to a site. The first step when using a password manager is to create a master password. The master password will control access to your entire password database. This password is the only one you will have to remember so it's important to make this as strong and secure as possible.
Password managers can also protect against phishing attacks as they fill in account information based on their registered web addresses. If you think you’re on your bank’s website but the password manager doesn’t automatically log you in, there’s a good chance that you've strayed on to a phishing site.
2. Watch out for Suspicious Emails
Phishing emails have been around for a long time and despite a wealth of information about the different methods used to target victims, millions of people are still falling for these scams on a daily basis.
Phishing emails are carefully designed to trick you into entering confidential information such as an account number, password or date of birth by clicking on a link. The email may also include an attachment that once opened will directly infect your computer with malware.
Identifying a phishing email has become a lot harder than it used to be as criminals have become more advanced and deceptive in their attack methods. Despite the increasing sophistication of these emails that are often a number of tell-tale signs that may give the game away.
These tell-tale signs can include a mismatched URL, requests for personal information, poor spelling and grammar, unexpected correspondence and the use of threatening language. This is by no means an exhaustive list as attackers are continually tweaking their scams to dupe as many people as possible. You should trust your gut and if something even seems the slightest bit off, you should avoid opening the email or clicking on any links.
3. Use a VPN for Extra Security
A VPN, or Virtual Private Network, is a great tool to help protect your privacy online. It lets you browse the internet safely and securely by routing your connection through a server and hiding your online connections. It effectively encrypts all your data so that a hacker can’t tell what you are doing online or where in the world you are located. Quite simply, your data is safe and secure, and your internet activity is untraceable.
VPNs can be used on a range of devices including a PC, laptop, phone or tablet and it provides an extra layer of security to both private and public networks such as Wi-Fi hotspots. Users can safely bank online, shop, or chat to friends without anyone snooping on their online activity.
4. Activate Two-Factor Authentication
Two-factor authentication offers an extra layer of defence in protecting the security of your email accounts. In addition to a password, two-factor authentication requires a second piece of information to confirm your identity. This reduces the chance of a hacker being able to gain easy access to your accounts.
There are a range of different two factor authentication sites available that can be used for this process. Once you have registered, you can log into your accounts as normal and then enter your password. As soon as you do this, the two-factor authentication site will send a one-off code to your phone that you must enter before gaining access to your account.
5. Secure your Home Router and Wi-Fi
When you’re initially setting up your home network you will be asked to create a publicly visible network name, otherwise known as a SSID (Service Set identifier). Most devices are configured with a default network name that has been allocated by the manufacturer. You should immediately change the default name to make it more difficult for a hacker to know what type of router you have, thereby reducing the chance of attack.
You should also update your Wi-Fi software to protect the network security of your home. The router’s firmware like any other type of software can contain vulnerabilities that hackers will look to exploit. Most routers will not have the option of an auto-update so you will need to manually update the software to ensure your Wi-Fi is protected.
MetaCompliance specialises in creating the best Cyber Security awareness training available on the market. Our products directly address the specific challenges that arise from cyber threats and corporate governance by making it easier for users to engage in Cyber Security and compliance. Get in touch for further information on how we can help transform Cyber Security training within your organisation.