The recent breach at Yahoo has proved once again that, regardless of a company’s size and expertise, security is always an issue. In the wake of the incident which left Yahoo bosses scratching their heads and millions of account users scrambling to update their passwords, some have suggested that the problem is more serious than Yahoo has let on.
Aside from questions over the time delay between the security breach happening and Yahoo making it public (it took place in 2014 but was reported in 2016), one former executive thinks that Yahoo’s given number of 500 million affected accounts is wrong. Although he’s chosen to remain anonymous at this point, the former Yahoo bigwig told Business Insider that as many as one billion accounts could have been compromised.
A bigger problem for Yahoo and beyond
Because of the system’s back-end architecture, the source claims that a large portion of the company’s database could be exposed through a single attack. If this is true, then Yahoo’s assertion that 500 million people may have been affected by the hack is at the lower end of the spectrum.
Regardless of the specifics in relation to timing and compromised accounts, one fact is clear: customer credentials were stolen in a massive hack. With everything from email addresses and personal details to credit card data and encrypted passwords being stolen, many have suggested this is the biggest data breach ever. Given the severity of the issue and the public profile of Yahoo, industry experts are now calling for change.
For users, regulatory change with regard to how long a company can wait before revealing a hack has taken place might come a little too late, but that doesn’t mean all is lost. Positive action is one of the most effective ways for users to protect themselves from the threat of hackers, and central to this is a strong password.
Often the first point of entry for anyone wanting to illegally access someone’s personal account, your password is critical to your overall safety. Naturally, before you can move forward you need to assess your current state and ask: is my password strong enough?
Using the Hiscox Password Tool, you can learn a valuable lesson about passwords, security and your own naivety. Designed to educate small business owners about the dangers of the web, the tool prompts you to input your password before giving you a series of tips on how to better protect yourself.
74% of small businesses were subject to a data breach in 2015, and two-step authentication is always important. It’s a good lesson for anyone who stores personal data online. In fact, one of the main weaknesses cybercriminals prey on is ignorance. Since most people can’t spot a phishing page or understand why they might be at risk, they make easy targets for hackers.
Become a tough nut to crack
Of course, sometimes you can do everything right and still fall victim to an attack – as was the case for many with an account at Yahoo – but if you can master the basics then you stand a much better chance of survival. While we can’t cover the full spectrum of security tips in the little space we have left, here are a few points you should consider when you’re looking out for your own safety online:
- Phishing emails will often have improper spelling and strange-looking hyperlinked URLs.
- Phishing sites will urge immediate action, for example “Tell us your password now so we can help you!”
- Always use two-step authentication for logins – there are online tools which generate RSA keys.
- As suggested by security expert Dennis O’Reilly, create a password from a phrase, e.g. “England Will Win the World Cup in 2018”. Take the first letter of each word and combine with the number to get: EwwtWCi2018.
- Switch it up every other month. Many of the least affected Yahoo users were those who changed their passwords on a regular basis. Although it’s not a fool-proof strategy, it keeps the hackers guessing and that makes you a hard target.
Essentially, what the Yahoo incident has shown us is that everyone is vulnerable, but the key thing to take away from this is that you should avoid being a soft target. Hackers might use a large net to scoop up tons of information, but they will always feast on the most vulnerable. So, even if you can’t prevent a massive data breach, at least ensure you’re one of the toughest victims to catch.