Protect Online Accounts From Breaches

The Dark Web sells stolen login credentials constantly.  There’s even price points for each type of account. For instance, social media account credentials go for between $30 to $80 apiece. Online banking accounts obviously go for a lot more.

Cloud service use has led to a huge upswing in breached cloud accounts.  IBM Security’s most recent Cost of a Data Breach Report tells us that stolen cloud credentials have become the number one cause of data breaches all over the world.

Whether it’s a personal or a business cloud account, compromised credentials are costly.  Such breaches lead to ransomware infections, compliance breaches, identity theft, just to name a few.

As usual, the biggest problem is human. It is difficult for us to adopt good password habits.  We like passwords we can remember easily, which makes them easy to guess or test for. 

For example:

  • 34% of people share passwords with colleagues
  • 44% of people use the same password across work and personal accounts
  • 49% of people keep passwords in unencrypted plain text documents

Cloud accounts are more at risk of a breach than ever, but there are several things you can do to reduce the chance of having your online accounts compromised.

Accounts in the cloud present more risks of a breach than ever before.  Fortunately, there are several things that we as users can do to reduce the odds of online account compromise.

Always Use Multi-Factor Authentication

The absolute best method used to prevent account breaches is multi-factor authentication (MFA).  Nothing is failsafe, but MFA prevents approximately 99.9% of fraudulent attempts to sign in, according to Microsoft’s favorite study on the subject.

Adding the second stage requirement to a login, which usually involves inputting a code sent to one’s phone or email, significantly increases security on the account.  In the vast majority of cases, a would be hacker won’t have access to your phone or other device that receives the code, so they can’t get past this step.

Yes, it’s a brief inconvenience.  Having a bank account stolen is much worse.

Securely Store Passwords In A Password Manager

Don’t store passwords in a plain text file.  Criminals find passwords easily when users store them in unencrypted, unsecured ways. Word or Excel documents, or the contact application on the PC or phone, represent two of the most common unsafe storage methods.

Password managers provide a convenient place to store all passwords.  They’re encrypted and secured. Each end user only needs to remember one strong master password to access all the others.

Many password managers also autofill passwords in multiple types of browsers. They offer a convenient way to access passwords securely across multiple devices.

Regularly Review Privacy And Security Settings

Who looks at the security settings in their cloud tools? Most people don’t, but really should.  One of the most common causes of security breaches on cloud accounts is misconfiguration of security and privacy settings.  Misconfiguration means that the settings aren’t set well to protect an account.

Don’t leave cloud software or storage security settings at default levels.  Defaults exist to make a setup IT guy’s life easier, not as the optimal permanent solution.  Review and adjust cloud application security settings on a regular basis to properly safeguard accounts on an ongoing basis.

Turn On Leaked Password Alerts In Your Browser

Even with impeccable password security, that one in a million chance can hit.  Passwords can always be compromised, since computer security runs as an arms race.  If a criminal makes off with a master database from a retailer or cloud service, there go everyone’s carefully chosen user names, passwords, and data.

Any criminal who steals that big of a master database will inevitably put them up for sale on the Dark Web as fast as they can.  They’re aiming for the longest use time possible, after all.

Considering the frequency, browsers such as Chrome and Edge added alert capabilities for leaked passwords along side their password managers.  Passwords saved in the browser get monitored. Should they be found elsewhere, an alert pops up on the browser saying to change the password.

Never Use Passwords On Public Wi-Fi

Hackers love to set up at public hotspots, such as airports, restaurants, coffee shops, and other places that offer free Wi-Fi. They get access to coffee, food, Internet, and distracted people’s passwords. What’s not to love?

Never enter a password, credit card number, or any other sensitive info when connected to public Wi-Fi.  Either switch off Wi-Fi and just use your phone’s cell signal, or use a virtual private network app to encrypt the connection.

Use Good Device Security

In the event of a breach through malware, attackers don’t need a password. How many apps open on smartphones and tablets without requiring a login every time?

Prevent breaches through devices by ensuring strong device security. Best practices include:

  • Antivirus/anti-malware
  • Up-to-date software and OS
  • Phishing protection (like email filtering and DNS filtering)

Don’t leave your online accounts at risk. We can help you review your current cloud account security and provide helpful recommendations.

If you’d like your business phone systems secured and headache free, contact us online or give us a call today at 866-550-0005!

Leave a Comment