Happy New Year! This time last year, we outlined 3 further steps that you can take to make you, your family, your business, and Gibraltar more secure and #hardtohack. These simple but effective steps are timeless and so important to your personal cyber resilience that they are worth reinforcing again. Why not make becoming #hardtohack one of your New Year resolutions?
Change your online banking password.
While banking security continues to improve, as we have already discussed, changing passwords breaks the chain if your personal data has been breached. So, as an additional precaution, change your online banking password regularly. Yes, it’s a faff. Yes, it’s easy to find something else to do. Yes, you are going to have to choose and then remember a new password. However, ask yourself this. Are you absolutely, 100% confident that your bank password is not compromised? Is there a chance that you may have used the same password for another login elsewhere? Could that service have been breached and the data compromised and made available to cyber-criminals? How concerned would you be if a criminal could access your bank account and take money from you? If your answer is, "I am not 100% sure that I have not used the password elsewhere, and that they have not been breached, and/or I would be devastated if a criminal could access my bank account", then change your password!!! It should take you no more than five minutes, and doing so will mitigate that gut-wrenching, vomit-inducing risk of discovering your bank account or savings have been cleared out. Invest time in your security. Be #hardtohack.
Change your Wi-Fi router admin password
Does your Wi-Fi router have a password for you to access your Wi-Fi? I suspect so; however, what you may not know is that your Wi-Fi router also has an admin password to enable you to manage settings within your router, including the ability to change your Wi-Fi access password. While not true of all routers, often the admin password to access your router is a standard factory password. So what? Well, consider it this way. How many times have you gone to access a Wi-Fi network and been given the option to join the network of the house or business next door? If a device can pick up a Wi-Fi network next door, this also means that a cyber-criminal could access your Wi-Fi network from outside or near your home or business. Most Wi-Fi providers identify themselves by their brand names in order for you to recognise and join them. This means that a cyber-criminal can identify what internet service provider you are using, Google what web address is required to access the web-based admin portal and also Google the factory standard password. Ok, but so what…? Well, if you have not changed the admin password, a cyber-criminal can gain access to your router, change the admin password so you cannot access the admin area, identify all the devices on the network for further exploitation and, if they wanted to, change your Wi-Fi access password – just to be annoying. To prevent this, change your Wi-Fi router admin password! And make a note of it! To do this, find the instructions for your router and the process to log in to the admin area. Alternatively, do as the cyber-criminal would do and Google the IP address for your router’s admin portal and, while you are at it, the factory standard password.
Activate multi-factor authentication
After ensuring a robust, non-repeated password, Multi-Factor Authentication (MFA) is the next strongest weapon in your arsenal to make you #HardtoHack. MFA is the process of using an additional confirmation method to verify that you are the individual requesting an action. This could be logging into an account or making a payment. Chances are you are already using MFA. If you use Amazon or LinkedIn, you will recognise the process of receiving a number code to your mobile device via text or automated voice call. If a criminal has access to your email and password combination, having purchased your data on the dark web – as we highlighted in our Christmas article – they could gain access to your online account. If, however, you have MFA activated, an authentication request would be sent to your mobile or other nominated authentication method. Unless your mobile device has been stolen, chances are the criminal does not have access to this and you will have thwarted the criminal’s ability to access your account. Usefully, it will also act as an indicator to you that there may be some form of unauthorised activity on your account and that you may wish to change your password to “break” the breached data risk. Some online accounts will ask, as part of account set-up, whether you want to activate MFA; others will have an MFA function, but you will need to navigate into the settings area to activate it – annoying but worthwhile. Be disciplined and, where possible, check and activate MFA settings to be #HardtoHack.