Third party data breaches

This article discusses the scenario where you may have kept your own data perfectly safe while a third party, such as a utility or telecommunications company, holding your data was breached. Often you will only find out that your data has been put at risk when the third party contacts you. This may be a longer time interval than ideal, meaning that you could be vulnerable to a number of risks, especially where you use the same password for multiple sites.
Hacker image

How third party data breaches can affect you

Even if you run a tight ship with your own security, it is still possible that you will find some of your data being compromised through no fault of your own.

In recent times I have been contacted by a large telecommunications company and a large utility company regarding data breaches. These breaches are fairly common and will see hackers stealing the data of hundreds of thousands of customers directly from large companies. Companies are obliged to inform customers of data breaches by GDPR legislation.

This scenario shows how all the parts of the Web Safety Guru training are interlinked. The remedial measures I'll be recommending fall under section 1 of the course which concerns your password regime and how to protect your data. But how did the hackers get the information in the first place? On accasions, such as the alleged US presidential twitter hack in autumn 2020 this might simply be because the password was too easy to guess.

Hacks have also resulted from company employees opening the wrong email or falling for a phishing scam (section 2) or inadvertently downloading a virus (section 3). Hacks may also take place because the victim has given away too much information on social media (section 5) or had information intercepted over a public network (section 6). The 2017 NHS hack was attributed to a vulnerable port and extremely old software. As any defences are only as strong as their weakest point, the password section of the Web Safety Guru training forms part, but not all of a strategy to protect your data. The other sections of the training are all important. You could have a ridiculously strong password which you changed every day, but if you are sloppy with viruses, emails, social media and networks, you would still be vulnerable to data breaches.

Why password management matters

Take a moment to consider this question. How many accounts do you have on all the websites you use? Chances are it's over 50. I reckon I have several hundred. Then ask yourself how many different combinations you have for email/password or login id/password.

As I am only too happy to reiterate, your defences are only as strong as your weakest point. If you have 50 user accounts and every one had the same login and password, a hacker who'd gained access to any one would potentially have the ability to access every account you owned. And while some of your accounts might be for obscure sites, a motivated hacker with time on his hands would try the stolen details on numerous major websites such as shopping, social media, telecommunications and utilities. With a bit of patience they could gain access to your birth date, full address, your list of friends and your shopping habits. Even a small subset of this data would give a hacker the information necessary to apply for a credit card in your name. Or they could change your password to shut you off from your own details. Disastrous consequences could ensue. All from your details being stolen from another site.

I will discuss preventative strategies at length in section 1 of the Web Safety Guru course. You need to know how to minimise the damage as quickly as possible. It is vitally important that your key accounts all have unique login id/password combinations. This minimises the amount of sites that are compromised by a single breach and enables you to clean up the mess much more quickly.

If a security breach comes to light, the affected website will inform you and advise you to change your password. You would absolutely need to change your password for all your accounts with the same credentials.

So take a moment to consider this question: If you had to change your password on a particular site, how many other sites would you also need to change your details on? Which sites? Do you have some sort of log listing what your credentials are on each website. If you only have these details in your head, you will never be sure you've changed every password that needed to be changed.

In section 1 of the Web Safety Guru training, I'll explain some techniques for managing your password information in a way that doesn't make this obvious or easy to find. I'll also explain the additional ways of protecting your data, such as password protecting individual documents or making them invisible, in case you computer is hacked or stolen. The key thing is that if your receive bad news regarding a security breach on a specific site, then you are quickly able to activate a plan to limit the damage.

Computer stress

Damage limitation after a third party data breach: key points

Login details for important sites such as online banking and credit cards MUST BE UNIQUE. No duplicates, no excuses. Keep your software updated. Don't allow hackers the time to exploit loopholes in old software. Have a plan for what to do if one of your accounts is breached. You will have to move quickly and panic will not be helpful.

Section 1 of the Web safety Guru training is not merely about telling you to get stronger passwords and change them regularly. It's about helping you develop a mindset and routines that will minimise the damage if the worst happens. It will also help you stay on top of the increasing number of different usernames and passwords you will find yourself using.


ABOUT WEB SAFETY GURU

Web Safety Guru offers one to one computer training designed to keep you safe online.

We'll discuss: passwords and security, email scams, viruses and malware, cookies and privacy, safety on social media and safety on public networks.

Visit the homepage to learn more about the options for Zoom courses and home tuition.