This year has seen a steady stream of security breaches, so much so that the news announcements almost seem routine. It's hardly surprising though, as our personal information is such a valuable commodity - not just for companies, but unfortunately for cybercriminals too.
Among the biggest incidents this year were attacks on Anthem, LastPass, Hacking Team, the United States Office of Personnel Management, Ashley Madison, Carphone Warehouse, Experian and most recently, TalkTalk. Some of these resulted in the theft of vast amounts of personal data. This highlights just how many companies are unfortunately failing to take the right steps to defend themselves and, at the same time, their customers' data.
Unfortunately, there's no such thing as 100 per cent security, so it's never possible to guarantee that systems can't be breached at all, especially when an employee may be tricked into doing something on a work computer that jeopardises the wider corporate security system. However, any organisation that holds personal data has a duty of care to secure it effectively. This includes storing customer passwords only as salted hashes, encrypting other sensitive data and educating employees, who are increasingly working on mobile devices that are themselves somewhat vulnerable.
Although the responsibility to secure our data does lie with the organisation to which we entrust it, we as consumers can limit the impact of a security breach at an online provider by ensuring that we choose passwords that are unique and complex. An ideal password is at least 15 characters long and consists of a mixture of letters, numbers and symbols from the entire keyboard. As an alternative, a password manager application can be used to handle all of this automatically. You can find some tips on how to create unique, complex, but easy-to-remember passwords here.
The issue of passwords is one that has continued to resurface throughout this year's biggest data breaches. Essentially, if we choose a password that is too easy to guess, we leave ourselves and potentially our workplace wide open to identity theft. The problem is compounded if we recycle the same password across multiple online accounts. Ultimately, if one account is compromised, they're all at risk!
This issue is certainly not news, and a growing number of providers, including Apple, Google and Microsoft, now offer two-factor authentication. This requires customers to enter a code generated by a hardware token, or one sent to a mobile device, to access a site or make changes to account settings. Although this does enhance security, it's only effective if it is compulsory, rather than just an option that can be ignored or bypassed. Other providers need to learn from the outcome of these evolving solutions, in addition to ensuring that data is properly encrypted and that passwords are hashed and salted.
We can consider changing passwords quite like changing our underwear - we shouldn't share them, we should avoid revealing them to others and we should change them at regular intervals. A recent Kaspersky Lab study revealed that just under half (44%) of respondents have shared their passwords with colleagues, family or friends, with a significant number happy to do so again. This compares to a mere one in four (26%) who would be willing to share their underwear with another person. Only around half of those surveyed change their passwords twice a year or more, and almost three quarters of Europeans (73%) would rather reveal their online password than go without underwear!
As we have seen, the theft of personal data can have serious consequences for those affected, and potentially severe knock-on effects for others around them. Moving into 2016, we are only going to become more connected and mobile, and so businesses that hold our data need to review and adapt their internal policies and security strategies appropriately. As they say, knowledge is power in the fight against cybercrime.
It will be interesting to see what 2016 holds for us. We all need to take care out there.