Getting people to pay attention to their online identity seems almost impossible these days.
I try to advise many of the people I speak with on why using strong passwords mitigates identity theft and cyber crime. All too often, though, I am presented with justifications, arguments and reasons for the need to use simple passwords, such as “It must be simple so that I can do my work”, “You don’t expect me to remember that!” or “It’s just too ridiculous using difficult passwords”. In fact, it seems many people just see passwords as a hindrance and don’t understand their intended purpose. Yes, a password adds extra overhead to your day-to-day activities, but its prime purpose is to protect you from a possible catastrophe.
An example is a former supplier of ours who went bankrupt as they could not recover from what started off as a simple mail hack for one employee.
What if someone knew your email password?
I have asked people this question and, to my surprise, many simply don’t see it as a major issue. They don’t see the risk and don’t believe it will happen to them. They are of the belief that if someone hacked any of their email accounts, it’s just because some kid/hacker is bored and he/she is poking around, and that it poses little threat to their business.
It’s a domino effect
Your email account is often the first and primary component of your online identity and yet it’s the one that is left unguarded the most. The problem with a hacked email account is the domino effect. Most people use their email for online registrations, purchases, receipts, renewals, transactions, password reminders etc. And once an email is received many people simply file it away in another folder.
The first domino falls when you get hacked. The subsequent dominoes fall as the hackers inspect the content of all your emails, including the sent items, and start to gain access to other systems. This is all carefully done, making sure there is no trace of their activity. The ultimate goal is to take on your identity and gain full access to all your bank accounts. By the time you are aware anything is wrong, your money is gone and all your accounts are fully controlled by someone else. To make matters worse, you will likely have to deal with getting your identity back and convincing your financial institutions that “you” are the “real you”.
So why do hackers do this?
Because quite simply “crime on the internet pays”. I say this because:
- There is lots of money to be made
- Risk of being caught is very low as they easily outsmart law enforcement agencies
- Low cost of tools and software, work from home
- The opportunities will grow as many people will remain ignorant about security
It all sounds like a great business opportunity, which is why those kids/hackers have now become organized crime syndicates.
According to a report by the Justice Department’s Bureau of Justice Statistics (BJS), about 16.6 million Americans experienced identity theft in 2012. Alarmingly, identity theft continues to be a key enabler of serious and organized crime, which in turn cost Australia around $15 billion in 2011. The figure today is speculated to be around $30 billion and soon it will cost more than Australia’s NBN rollout.
My view is that the problem is compounded by banks who downplay the alarming increase in fraudulent activities to their customers. They don’t want people to start fearing online banking as this will have a significant impact on their business.
Here are a few tips that can help you secure your email accounts.
Use strong passwords, please!
Even hackers feel insulted when they come across passwords like ‘letmein’, ‘password123’, ‘Winter’, ‘John123’ and the like. You should always use a combination of special characters, numbers, and upper- and lower-case letters of almost any length. My Gmail password is between 30 and 40 characters long and my general rule of thumb is to have a password that only the NSA can hack. I urge you to check out https://howsecureismypassword.net/ to see how strong your passwords are.
If you own a small business, speak to your IT people and make sure you use and adhere to a good Security Policy.
Avoid Public WiFi
Happy to have discovered an unsecured WiFi hotspot? Enjoying the free WiFi of the coffee shop round the corner?
While this is convenient, it’s also convenient for the hacker sitting nearby to sniff the packets right out of thin air. Avoid using public WiFi for accessing email or transacting online with a credit card. Casual browsing and YouTube watching (without logging in) are OK.
Do not share your login information
Another obvious fact. But at times, it’s necessary for small businesses and online entrepreneurs to share login information with colleagues, for example to access Google AdSense, Analytics or Microsoft Live services. The ideal solution is to create a dedicated account for accessing these services instead of linking everything to your personal email ID and sharing it.