In digital security terms, 2015 has been the year of the major corporation hack. With Ashley Madison in September, Carphone Warehouse in August and now TalkTalk, Wetherspoons, VTech and Marks and Spencer all in the past month, yes, 2015 really has been an incredible year for highlighting the ineptitude and naivety with which the companies we trust hold our personal data. Despite how things seem though, these ‘leaks’ may actually be a blessing in disguise and good news for individuals, as well as bad.
In data security circles the cry for better digital security has been long and loud, aimed at both the personal user and the big corporations who claim to safeguard our private data. For reasons unknown to the industry, these calls have been ignored. Individuals continue along the lines of ‘it isn’t likely to happen to me’, and companies continue to over-promise and under-perform.
This is why in some respects the hacks that have littered this year are good for us all. They can start to act as a wake-up call and people can begin to take notice of the risks of online browsing and also of who they can trust. With individuals more guarded and cautious, companies will have to alleviate that fear by bolstering their data security, and thus all parties win.
For those affected, the hacks have in some cases been life changing. This obvious detrimental effect on people’s well-being will hopefully be the catalyst for change. For those who have been hacked, the message that any data stored on any device must be made secure has finally hit home. For the rest of us, we must learn from these people and their unfortunate circumstances, rather than turn our backs and say ‘phew, at least it wasn’t me!’
Part of the frustration for digital security companies like ourselves is just how simple the process of protecting yourself can actually be. Rather than intricate coding of your machine or expensive software installations, there are steps that each and every person can undertake to help protect themselves, including:
- Ensuring passwords are robust. Passwords should use both upper and lower case, have special characters, non-sequential elements and also not be a word in themselves. A password should be changed at least every 30 days.
- Being aware of invisible email links. Some links in emails may not go where the visible text in the email says they do. Although the link may say www.hsbc.com for example, that doesn’t mean that the real address isn’t hacker.com. To check, hover over the link in the email. Normally at the bottom of your email window you will see the real link. Otherwise, right-click the link and view its properties. Always think before you click.
- Knowing where emails come from. Be very careful when opening an attachment from a source which seems unusual. Again, always think before you click.
- Considering installing Data Leakage Protection software. Having some form of Protective Marking system can help you detect outbound data that is classed as sensitive and block the traffic until the data is classified. In this way any unusual (i.e. malware) outbound email can be stopped.
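
The link check described in the list above (visible text says www.hsbc.com, real address is hacker.com) can also be automated on a mail gateway or in a mailbox audit. The following is an added example, not code from the original article; the names `LinkAuditor` and `mismatched_links` and the sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that itself looks like a web address, e.g. "www.hsbc.com"
DOMAIN_RE = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#].*)?$", re.I)

def _bare(host):
    # www.example.com and example.com are treated as the same site
    return host[4:] if host.startswith("www.") else host

def _same_site(shown, real):
    shown, real = _bare(shown), _bare(real)
    return real == shown or real.endswith("." + shown)

class LinkAuditor(HTMLParser):
    """Collects (shown_host, real_host) pairs for links whose text misleads."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        match = DOMAIN_RE.match("".join(self._text).strip())
        try:
            real = (urlsplit(self._href).hostname or "").lower()
        except ValueError:  # malformed href: nothing to compare against
            real = ""
        if match and real and not _same_site(match.group(1).lower(), real):
            self.findings.append((match.group(1).lower(), real))
        self._href = None

def mismatched_links(html_body):
    auditor = LinkAuditor()
    auditor.feed(html_body)
    auditor.close()
    return auditor.findings

# Constructed sample email body (not a real message)
SAMPLE = (
    '<p>Please verify your account at '
    '<a href="http://hacker.com/login">www.hsbc.com</a>, read '
    '<a href="https://www.hsbc.com/help">hsbc.com</a> or '
    '<a href="https://example.org/unsub">unsubscribe here</a>.</p>')
```

Only links whose visible text looks like an address are compared, so ordinary "click here" links are not flagged; those still need the hover check.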
Ultimately, data security needs the same power and precautionary measures as health and safety, both in the home and in the corporate environment. We endeavor to prevent ourselves from getting hurt or damaged in person, so why not view our personal data and privacy in much the same way? Real damage can be caused through hacking. We protect ourselves from physical harm; now is the time to focus on digital harm too.