Monday, July 6, 2020

4 Ways Hackers Steal Data And How To Protect Yours

Old joke: The average user types the correct password after the fifth attempt, but an average hacker picks it up from the third. Yeah, we don't think it's funny, either.

Everyone wants to avoid hacking because of the devastation identity theft can cause. But the truth is, unless you're multi-millionaire, you are unlikely to become an isolated target of a cyber attack. Still, no one can resist low-hanging fruit. If your accounts are vulnerable, they're likely to be hacked simply because it was too easy not to. 

Photo by Bernard Hermant on Unsplash

Key sniffers and spy cams

A hacker doesn't stand over your shoulder and watch you enter your login credentials because there's no need. Don’t underestimate key sniffers and spy cams that may be operating in your vicinity. Both are commonly used in public places like cafes and airports, and both can register your every keystroke, undetected. 

If you can, use your password manager's autofill function to avoid entering passwords in public if you can avoid it. 

Photo by Jonas Leupe on Unsplash

Stolen phones

Be wary of using biometric entry like TouchID exclusively to enter your phone. Once your fingerprint is replicated well enough to fool the fingerprint scanner, all your secrets are available through your email and text messages. All it takes is a skim of your inbox to discover your most important accounts, then ask to "reset" or "recover" them. 

Admittedly, this would require that a hacker have some knowledge of who you are, spend some time in your vicinity in order to lift a fingerprint, and be highly focused on getting to something in your specific phone. But if it's lost or stolen, you don't want to worry it's fallen into the hands of someone with the skill to break into it. Better to protect yourself using a pincode--and cover the screen when you enter it.

Photo by Jan Antonin Kolar on Unsplash

Stolen databases

Hackers steal databases of account credentials from small sites with no dedicated security team. They then try millions of stolen email/password combinations on other sites, like Facebook, Amazon, banking sites, etc. They do this because of the weakness so many of us have for reusing passwords. 

If they get into one account, that set of credentials gets plugged into several other accounts. If they get into an email account, they follow the same steps as they would in the previous method to get access to all the rest.

Most of us have too many accounts to come up with a strong, unique password fro every one of them. But your password manager can both suggest and securely store safe passwords to ensure that even if one account was hacked, the rest are safe.

Direct access your locked computer

It's a no-brainer to lock your computer. But if you don't log out of all your open accounts first, access to every web account you left open is as simple as guessing your computer's login password. Granted, some sensitive accounts log off automatically after a certain period of time, but that means nothing to a hacker if you've reused the same password for your email as you do for your online banking account. 

It's important to encrypt your hard drive to make your data incomprehensible to anyone who does happen upon your running computer sitting at the login screen. And makes it almost impossible for anyone who steals your laptop or hard drive to access your data.

Encrypted or not, it's never a good idea to use the "keep me logged in" function on your online accounts. If entering your email and password each time is that much of a pain point, you need a password manager with intelligent web parsing to autofill your credentials securely and eliminate that pain point for you. 

No comments:

Post a Comment