Security Corner: Credential Stealing
Columbia Insurance Group knows both you and your clients face risks on a daily basis. To help you face the growing technology threats our team of security experts put together advice for your agency to implement. If it offers you peace of mind, feel free to share it with others.
This edition of the Security Corner focuses on protecting yourself and your business from the easiest form of hacking: Credential Stealing. It explores the question: Is it really hacking if you just use someone else’s credentials?
Never, Ever, Ever Re-use a Password
Sometimes a website or an online service you trust can be compromised and your user id, email address and password is stolen. The hackers (aka bad actors) will use your user id, usually your work or personal email address, and password and use them on the top 1,000,000 used websites. If you re-used your password on any other site, they will gain access to those sites and services as well. This is the most common way people get hacked. To thwart bad actors, use a password manager and use multi-factor authentication.
Multi-Factor All Online Accounts
Once a bad actor gains access to your email account, they now have access to reset all passwords to all the sites you signed up for with that email account. Once they’ve got your social media account, they’ll extort money from your loved ones while impersonating you. Multi-factor authentication (MFA or 2FA) can help guard against this risk.
You might already be using MFA when you login to your bank account. After entering the correct username and password to an online service, the site will either text or email you a one-time code or you use an authenticator that gives you a time sensitive number to completely login.
Use this service as much as possible. Even if your favorite website or electric company loses your account credentials, the bad actors will not be able to login without having your smartphone or access to your email.
The best option is to use an authenticator. Email accounts can be compromised, and SMS messages can be intercepted. If anything, enable MFA on your email account and your social media accounts.
Use a Password Manager to Save All Your Passwords
Most people re-use passwords because they don’t want to remember dozens of passwords. Who would? Since password re-use is the most common way people get hacked, save your passwords, not in your internet browser but with a password manager.
It’s more than just a place to store passwords. It can auto-fill credentials for you, which protects you from phishing sites, and it generates secure passwords, so you never need to think of another new one. Just don’t forget your password manager’s credentials! Check out this quick article on Tom's Guide for suggestions on top recommended password managers.
Look for future Security Corners for additional tips on protecting yourself and your business from those who wish to steal, harm or disrupt your business or your life.