A frequent question I’ve been asked by people since starting Techs-Up is how to secure their online information.
This is equally important for individuals and businesses, so as part of a blog series I thought I would include some of my thoughts and tips. Please note this is in no way an exhaustive list and is only intended to get you thinking.
Firstly, it's important to understand that potential 'hackers' might not just be after your money but also your personal and business information. Also, if one account is compromised, it could lead to a cascade of lost information or access to other accounts. For this reason you need to make sure access to this information is as secure as possible.
There are 3 main considerations when securing these accounts, and these are what you need to protect:
1) Username
2) Recovery information
3) Password
Ideally you want to keep all of these a secret to keep hackers at bay, but they would normally need at least 2 of these to access your account.
Today I'll concentrate on 1 and 2, username and recovery information.
The focus is often on passwords, and it's important not to use the same one for multiple sites, but stopping hackers finding the username in the first place can be overlooked. This can be the best place to start trying to stop unwanted access to your accounts. Without this information they will not even know where to start, a bit like a burglar not knowing where you live.
If you use your email address as your account name, just think of the number of places where that information is freely given or could be stolen from. Simply signing up for newsletters, accessing social media sites, shopping online and even sending someone an email could leave you vulnerable to potential hackers looking to access this information.
To see if your information might already have been leaked, a good first step is to use a site like ‘Have I Been Pwned’. If it has, it’s time to start changing passwords!
But prevention is better than cure and there are a number of ways to stop this happening in the first place.
Securing your login account name can be done in a number of ways but here are a couple of suggestions:
Firstly, this could involve creating an alias (a different email address that is not a username for your critical online accounts). So, for example, if you sign in using john@gmail.co.uk you could create an address john@gmail.com for other sites. You then use this alias when signing up to websites, and you don't need to worry so much if these details get leaked.
If you can't create an alias, you could try using two completely different accounts to separate your activity. Keep one for your critical activities such as online banking or your accounts with access to your payment details. The second account can be used for anything non-critical, such as signing up for newsletters and access to any other websites such as Facebook.
Also, if it's an option, you can create a unique username, so if your bank app allows you to create a username like 'amy123', use this rather than your email address.
All this hinders potential hackers by making it much harder to find the usernames to access your secure information. One negative to consider is that this creates more information for you and your business users to remember, and you don't want this written down and stuck to laptops!
Another thing to consider is your recovery information, used in the event you lose access to an account. Again often overlooked, these are the back doors to access your account, so guard them carefully. I would recommend you don't re-use security questions from things like your online banking for another account; again, one leak could lead to a determined hacker using this information to gain access.
Also be careful about using information that can be seen on social media sites. This can happen in many ways, from leaving your date of birth publicly available to just having the names of your kids on your Facebook page. Think twice about what security questions you use and where that information may be visible.
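As an added example (not part of the original post), the short Python script below audits a list of your accounts for the three problems described above: a critical account that shares its login name with a non-critical sign-up, a security question reused across accounts, and a security question whose answer is visible on social media. The account list, the example.com addresses and the function names are all made up for illustration.

```python
from collections import defaultdict

# Constructed sample inventory. Record only a label for each security
# question, never the answer itself.
ACCOUNTS = [
    {"site": "bank", "critical": True, "login": "amy123",
     "recovery": ["first pet"]},
    {"site": "payments", "critical": True, "login": "Amy@example.com",
     "recovery": ["first pet", "mother's maiden name"]},
    {"site": "newsletter", "critical": False, "login": "amy@example.com",
     "recovery": []},
    {"site": "social", "critical": False, "login": "amy.signups@example.com",
     "recovery": ["date of birth"]},
]
# Assumption: you list for yourself what your public profiles reveal.
PUBLIC_FACTS = {"Date of birth", "children's names"}

def norm(value):
    """Compare logins and question labels without case or stray spaces."""
    return value.strip().lower()

def exposed_critical_logins(accounts):
    """Critical accounts whose login is also handed to a non-critical site."""
    low_risk = {norm(a["login"]) for a in accounts if not a["critical"]}
    return sorted(a["site"] for a in accounts
                  if a["critical"] and norm(a["login"]) in low_risk)

def reused_recovery(accounts):
    """Security questions that protect more than one account."""
    sites_by_question = defaultdict(set)
    for a in accounts:
        for question in a["recovery"]:
            sites_by_question[norm(question)].add(a["site"])
    return {q: sorted(s) for q, s in sites_by_question.items() if len(s) > 1}

def public_recovery(accounts, public_facts):
    """Accounts relying on a question that public profiles already answer."""
    facts = {norm(f) for f in public_facts}
    found = {}
    for a in accounts:
        hits = sorted(norm(q) for q in a["recovery"] if norm(q) in facts)
        if hits:
            found[a["site"]] = hits
    return found

if __name__ == "__main__":
    print("Critical logins also used elsewhere:", exposed_critical_logins(ACCOUNTS))
    print("Reused security questions:", reused_recovery(ACCOUNTS))
    print("Questions answered in public:", public_recovery(ACCOUNTS, PUBLIC_FACTS))
```

Anything the script reports is a candidate for an alias, a unique username or a different security question.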
In my next blog I will look at more ways of securing your online accounts using things like MFA. Feel free to post your tricks for securing this information.