123456 is not an exercise in counting

We are only 2 months into 2014 and there have already been a significant number of major news stories about data theft and online security, so I thought I’d round some up and give some tips that will help you to stay safe.

  • February 25th 2014, cyber security company Hold Security LLC said that it had uncovered 360 million sets of customer account data available for sale through cyber black-markets. These are new discoveries and represent a fresh risk to security.

Typical data includes email addresses, user names and passwords.

Hold Security LLC believe that these thefts are yet to be publicly reported by the organisations who were hacked.

  • February 14th 2014 Tesco announce that the details of more than 2,200 Club Card accounts were published on the internet and a number of Club Card points had been stolen.

It’s important to understand that Tesco has not been hacked. Rather, criminals purchasing data related to other security leaks will simply run email address and password combinations against websites such as Tesco’s Club Card site to see which of them work. A small number obviously do and have permitted unauthorised access to user accounts.

  • February 14th 2014 Barclays announce the theft of 25,000 customer files, including sensitive information such as passport and National Insurance numbers as well as account data.
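The Tesco incident above, leaked email and password pairs replayed against another site's login page, is usually called credential stuffing. As an added example (not part of the original post), this is one way a site operator could spot it in login records and find the accounts that need a forced reset; the event format, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict

# Constructed login events: (source_ip, username, outcome). Not real data;
# the addresses are from the reserved documentation ranges.
SAMPLE_EVENTS = (
    # One source working through a leaked list: many accounts, mostly failures.
    [("203.0.113.7", f"user{i}@example.com", "fail") for i in range(7)]
    + [("203.0.113.7", "carol@example.com", "ok")]
    # An ordinary customer mistyping a password before getting it right.
    + [("198.51.100.20", "dave@example.com", o) for o in ("fail", "fail", "ok")]
    # A shared office connection: many accounts, but every login succeeds.
    + [("192.0.2.50", f"staff{i}@example.com", "ok") for i in range(6)]
)


def accounts_to_reset(events, min_accounts=5, max_success_ratio=0.2):
    """Map each suspicious source IP to the accounts it logged in to.

    A source is suspicious when it tried at least `min_accounts` distinct
    usernames and at most `max_success_ratio` of its attempts succeeded.
    Both thresholds are assumptions to tune against real traffic.
    """
    stats = defaultdict(lambda: {"tried": set(), "opened": set(), "attempts": 0, "ok": 0})
    for ip, username, outcome in events:
        s = stats[ip]
        user = username.strip().lower()
        s["tried"].add(user)
        s["attempts"] += 1
        if outcome == "ok":
            s["ok"] += 1
            s["opened"].add(user)

    flagged = {}
    for ip, s in stats.items():
        success_ratio = s["ok"] / s["attempts"]
        if len(s["tried"]) >= min_accounts and success_ratio <= max_success_ratio:
            flagged[ip] = sorted(s["opened"])
    return flagged


if __name__ == "__main__":
    for ip, users in accounts_to_reset(SAMPLE_EVENTS).items():
        print(f"{ip}: force a password reset for {', '.join(users) or 'no accounts'}")
```

The one account the flagged source did open is exactly the reused-password case described above, which is why a unique password per site removes the risk.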

It’s going to get worse before it gets better!

How do we know? Well, a number of companies have looked at stolen data and it’s been revealed that the No.1 password in use during 2013 was “123456”. The No.2 password was “password”, No.3 “12345678”, No.4 “Qwerty” and No.5 “abc123”.

So how do you minimise the risk to yourself?

Well, it’s really easy: you just need to use a different password for every different website and account that you have. I know the message is old but it’s becoming increasingly clear that the message is not getting across and people are getting hit.

Of course, it’s challenging to remember the tens or hundreds of passwords that we use on a daily/weekly basis so you need a tool to make the task easier.

The two most popular approaches are a Password Vault or a “Seed”. A Password Vault is a piece of software that runs on your computer/phone/tablet, securely stores all your vital information and, in some cases, can be used to produce a really strong password every time you need one. A “Seed” is a word or phrase that you amend every time you need a new password.

For a seed you could think of a line from your favourite song, perhaps the first line of Bridge Over Troubled Water, “When you’re weary, feeling small” for example. Take the first letter from each word, “Wywfs” and substitute a letter with a number, 5 for s for example, so your seed is Wywf5.

Now let’s imagine that you want a password for Tesco. Take “Tesco”, substitute numbers for letters to get “T3sc0”, split it and add the letters to the beginning and end of your seed: T3Wywfs5c0. You now have a password that will take 6 years for an average PC to crack. Add a symbol, such as “!”, to the end, T3Wywfs5c0!, and it will take 4 million years for the average desktop PC to crack.

That’s your personal security dealt with. If you are worried about security for your business, I can help there too. To learn more please give me a call on 01793 238020 or email andy@enterprise-oms.co.uk to start the ball rolling.

PS. Just make sure that you have a remote wipe utility installed on your phone/tablet so that you can remotely erase the data should your phone be lost or stolen.