It’s funny how we’re all so acutely aware of keeping our kids safe from online predators, but we can often neglect our own online safety.

At the very heart of our adult vulnerability is our digital identity: all the online credentials (like passwords and logins) and system permissions that are unique to us. Keeping them safe is critical to the well-being of our personal and business lives.

But first, let’s look at how easy it can be for the baddies to help themselves to your credentials.

Introducing insidious infostealers

An infostealer is a type of malware that steals sensitive information, such as your login credentials, financial details, and personal data. It gets installed on your computer or device (think phones, tablets, and laptops) in a variety of ways, like a phishing attack, a visit to an infected website, or an inadvertent download.

As we all know, it’s all too easy to click on a link in an email without double-checking that it’s actually from the real person or business. Or to open an urgent PDF document you think is from your boss. Or do a quick download of the nifty little app that promises to clean up all your 10,000 duplicate files in a flash.

But your moment’s inattention is all it takes to install an infostealer. And it can take just a few seconds more for the programme to set itself up in your system or on your device, have a rapid nosy around, collect the credential data it wants, bundle it up and transmit it to a cybercriminal, and then exit.

From here, these stolen credentials can be used like a key to a bank vault, granting criminals open-door access to your organisation’s most sensitive data, which they can sell on to other criminals or hold to ransom.

Whatever the baddies decide to do next, you can count on one thing: it’s going to cost your business dearly – in terms of cash and reputation loss. And you may even be fined for failing to protect your data.

If that all sounds like scaremongering, then consider this: “To illustrate the scope of how prevalent and dangerous infostealers have become, 2.1 billion (75%) out of the 3.2 billion credentials stolen in 2024 were compromised by infostealer attacks.”

So, of course, the burning question is: how can you boost your own stay-safe standards?

Passwords (how to create strong ones!)

We’ve all grown up with passwords, but at times it seems that some of us haven’t let our passwords grow up.

Hands up if you use ‘Password’, ‘123456’, or ‘Admin’? Or if you use the same password (the first one you ever created) for two, three, four, or all your online logins. Now don’t laugh, because people still use those basic passwords today, and at volume. In fact, the most common password worldwide is 123456 (followed by 12345678). Admin takes 4th place, and Password comes in at 8th.

According to Security Magazine:

  • Around 78% of people reuse passwords across multiple accounts
  • 52% use the same password on at least three accounts
  • 4% use the same password on at least 11 accounts
  • The average person reuses the same password 14 times

Setting a hard-to-crack password is critical. (What’s also critical is not inadvertently sharing it through a phishing attack!)

So, what are some of the basics of a strong password?

  1. Length matters. According to NIST (an organisation that creates cybersecurity frameworks), every additional character in your password dramatically increases the number of guesses an attacker must try. Say you’ve got an eight-character password. Trying every possibility would take about 200 billion guesses. While that is way beyond the scope of a human, it’s child’s play for password-cracking software, which can make 100 billion guesses per second! All of a sudden, those eight characters seem a bit pathetic. NIST recommends a minimum of 15 characters, which should take the software more than 500 years to crack.
  2. Use unique-to-you passphrases. A passphrase combines multiple real words to create something easier to remember. For example: “My dog & cat ate 7 mince pies”. As the phrase is personal to you and your pampered pets, it’s easy to remember. It’s got 22 characters, and the addition of spaces makes it even harder to crack (yes, you can use spaces in your password – who knew?). Note: Please don’t use our password!
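As an added worked example (not part of the original post), here is the brute-force arithmetic behind the 200 billion guesses and 500 years quoted above. It assumes a 26-letter lowercase alphabet, which is the assumption under which the post's figures come out, and it also puts a longer lowercase password next to a shorter one drawn from every printable character to show that length beats symbol variety.

```python
# Added example, not from the original post: the keyspace arithmetic behind the
# "200 billion guesses" and "500 years" figures.
# Assumption (ours, not stated in the post): the alphabet is the 26 lowercase letters.
import math

GUESSES_PER_SECOND = 100_000_000_000      # the post's cracking-software figure
SECONDS_PER_YEAR = 365.25 * 24 * 60 * 60

# Alphabet sizes used below; only LOWERCASE is needed to reproduce the post's numbers.
LOWERCASE = 26                 # a-z
PRINTABLE_ASCII = 95           # every printable ASCII character, space included


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols from an alphabet of `alphabet_size`."""
    return alphabet_size ** length


def years_to_exhaust(alphabet_size: int, length: int,
                     rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time, in years, to try every password in the keyspace at `rate` guesses/sec."""
    return keyspace(alphabet_size, length) / rate / SECONDS_PER_YEAR


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Strength of a uniformly random password in bits: each symbol adds log2(alphabet) bits."""
    return length * math.log2(alphabet_size)


def compare(cases):
    """Return (label, guesses, years) rows so the effect of length vs. alphabet sits side by side."""
    return [(label, keyspace(a, n), years_to_exhaust(a, n)) for label, a, n in cases]


if __name__ == "__main__":
    rows = compare([
        ("8 lowercase letters (post's example)", LOWERCASE, 8),
        ("8 printable-ASCII characters", PRINTABLE_ASCII, 8),
        ("12 lowercase letters", LOWERCASE, 12),
        ("15 lowercase letters (post's NIST minimum)", LOWERCASE, 15),
    ])
    for label, guesses, years in rows:
        print(f"{label:44s} {guesses:10.3g} guesses  {years:10.3g} years")
```

Eight lowercase letters give 2.09e11 guesses (the post's 200 billion) and fall in about two seconds at 1e11 guesses per second; fifteen lowercase letters take about 530 years, while eight characters from the full printable set still fall in under a day.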

However, the sad truth is that no matter how complex they are, passwords alone are no longer considered secure. They can all be guessed, stolen or compromised. So, how can you improve your odds of not getting your password hacked?

The ‘One password to rule them all’ approach

The average person has at least 100 passwords. Remembering 20 would be a challenge for most ‘average’ people – so join us in saying a silent thank you to password managers like LastPass!

The joy of a password manager is that you no longer need to write your passwords on sticky notes attached to the side of your monitor. Or on the last page of your work notebook.

With a password manager, you only need one decent master password (or better still, a passphrase) to give you access to your fully encrypted library (or vault) of logins. You can either open websites that require logins from within LastPass or allow it to autofill them for you upon on-screen approval.

If you’re lacking inspiration or enthusiasm, you can also use your password manager to generate your passwords for you. Most password managers also offer cross-device synchronising (i.e., you can use it on your phone and tablet too), issue notifications if your password has been part of a data leak or breach, and use MFA (multi-factor authentication) to double-lock access to your vault.

There are lots more features (give us a yell, and we can go through them), but in a nutshell, a password manager is worth its weight in security gold.

Double down on credential security with MFA

We briefly mentioned MFA a couple of paragraphs ago. But what is it?

You’re probably already using it! It’s when you go to log in to your favourite website, and it says, “Hold up, we just want to double-check you are who you say you are before letting you in.” And requesting that additional verification is fair enough, too.

Some random hacker may be using your password, or you may have left your phone on the bus, and someone is trying their luck by logging in to your bank app. So, to make sure it’s you, you’re asked to verify yourself: by applying your (unique) fingerprint to the screen, responding to an email sent to one of your other devices, entering a code texted to you, or entering a time-sensitive code from an authentication app.

In effect, MFA requires you to back up your login request with an action on another device (even a dongle!) or application that some random hacker couldn’t complete. While some MFA methods are more secure than others, in general, having more than one factor for authentication makes your accounts more secure.

Get cyber safe with us

We admit it, we’re a bit obsessive about securing identities. That’s why we partner with cybersecurity gurus like Sophos and LastPass.

And it’s probably why we offer credential hygiene services, where we audit your current status, identify weaknesses, remove all those sticky yellow notes, and help to keep your credentials safe from theft, sharing, or misuse.

Give us a call if you’d like a free MFA setup or password hygiene workshop!