In June, the retail giant Dixons Carphone revealed that 5.9 million customer bank card details and 1.2 million personal data records had been hacked. It is relevant to bring this up again as Blackhat USA, the largest information security convention in the world next to Def Con, took place last week.
Last week the Dixons Carphone figure was revised upward: the breach actually saw around 10 million records (containing personal data) accessed, and was far worse than originally reported.
Data breaches are a worryingly common occurrence, and in the past two years alone the list of companies that have been hacked is long and contains some unexpected names. Two of the biggest are Yahoo! and, of course, Equifax.
I hear you ask “what does this have to do with me? Big corporations have departments that deal with this and their losses are covered by insurance. Who cares?” Well, you should, and everyone should.
The truth with cybersecurity is that people don’t care until they’re hit, and in the corporate world they don’t care until there is a breach and they lose a lot of money. While the target and goals differ between a “personal hack” and a “corporate hack”, the same methods are used, the same vectors are attacked, and the same kinds of vulnerabilities are exploited to gain access in a breach.
The phrase I hear a lot is “we are so reliant on tech that we cannot see its flaws.” This is not exactly true from a cybersecurity point of view. With this in mind, what can we learn to improve our “cyber hygiene” in our personal lives?
Firstly, and this is key, people are lazy and if something is quicker, it will be used over something that is rock solid. Security always comes second to convenience. In the professional world, you can have the most secure server room in the world and the password to it will be something like “Admin – Admin” as was the case in the Equifax hack.
What can we learn from this? Always use unique login credentials. If you cannot keep track of all the passwords, use an encrypted USB key or a notepad. If it is online it can be hacked; don’t make it easy.
Secondly, people are trusting. People will connect to public Wi-Fi on impulse. What happens here is all of your traffic is shared between everyone on that network.
So what? Well, if you’re in a coffee shop, someone can be sitting there on a laptop using free software, pulling in all the data on the coffee shop’s network and just waiting. Waiting for bank details, Facebook logins, email logins. The bad actor can see and use all of these. This is called a “Man in the Middle” attack.
To overcome this, start using a VPN while on public Wi-Fi. It only takes a moment on a free Wi-Fi connection for a hacker to access your personal accounts. Again, we must overcome the lazy impulse when using technology. While complimentary Wi-Fi is convenient, protecting your connection with a VPN is the best way to stay safe on public networks, by keeping your data and browsing history secure. There are some really good ones out there that vary in cost, and even some free ones on iOS and Android. Paid ones are far better and more secure, however.
There is also the very real chance of a more aggressive bad actor trying to gain access to your machine using an exploit. The point here is when you’re on public Wi-Fi use a VPN, patch your system and have anti-virus on your machine.
On this point again, don’t click links online, and look into the danger of phishing and spear phishing. This is an email that looks completely genuine, apparently from your bank, workplace or even college, and contains a link. If you click this link anything could happen; often malware is installed, but very often you are taken to a URL that looks very like your bank’s or college’s site and asked to enter your username and password. After that you have been “pwned” and your account has been breached.
This is how the DNC hack occurred during the US election.
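A defender-side check for the lookalike links described above, as an added Python example that is not from the original post: it flags a URL whose host only resembles a trusted domain (the trusted name buried in a subdomain, a hyphenated variant, a digit-for-letter swap, or credentials placed before an `@`). The trusted domains, the suffix table and the confusable pairs are constructed placeholders; real code should use the Public Suffix List and a full confusables table.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the registrable domains the user actually uses.
TRUSTED = {"examplebank.com", "mycollege.edu"}

# Minimal stand-in for the Public Suffix List (constructed, not complete).
TWO_LABEL_SUFFIXES = {"co.uk", "ac.uk", "com.au", "co.nz"}

# Character swaps that make a name look like another (constructed, not exhaustive).
CONFUSABLE_PAIRS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
                    ("3", "e"), ("5", "s"), ("-", "")]


def registrable_domain(host: str) -> str:
    """'online.examplebank.co.uk' -> 'examplebank.co.uk'; 'www.x.com' -> 'x.com'."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])


def skeleton(name: str) -> str:
    """Collapse look-alike characters so 'examp1ebank' and 'exarnplebank' match 'examplebank'."""
    s = name.lower()
    for src, dst in CONFUSABLE_PAIRS:
        s = s.replace(src, dst)
    return s


def classify_link(url: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for the host a link really points at."""
    parts = urlsplit(url)
    # 'https://examplebank.com@evil.example/' shows the bank's name but goes to evil.example.
    if "@" in parts.netloc:
        return "lookalike"
    host = (parts.hostname or "").lower()
    if not host:
        return "unrelated"
    reg = registrable_domain(host)
    if reg in trusted:
        return "trusted"
    reg_label = reg.split(".")[0]
    for t in trusted:
        t_label = t.split(".")[0]
        # Trusted name used as a subdomain or padded with extra text:
        # examplebank.com.secure-login.net, examplebank-verify.com
        if t_label in host:
            return "lookalike"
        # Same name once confusable characters are normalised: examp1ebank.com
        if skeleton(reg_label) == skeleton(t_label):
            return "lookalike"
    return "unrelated"
```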
The stereotype of a guy in a hoodie firing commands into a laptop isn’t true. Most hacking is actually about gaining access to the network and thus the target. The rest is four to five commands. Be smart online and don’t make it easy to be hacked. This is something that costs companies millions to learn.
You can follow Darragh on Twitter: @Darraghwv