Protecting Your Online Accounts from Data Breaches
Data breaches are common for stealing login credentials, which are a hot commodity on the Dark Web. There’s a price for every type of account, from online banking to social media. For example, hacked social media accounts will go for $30 to $80 each.
The rise in reliance on cloud services has caused a considerable increase in breached cloud accounts. According to IBM Security’s latest Cost of a Data Breach Report, compromised login credentials are now the #1 cause of data breaches globally.
Having either a personal or business cloud account compromised can be very costly, and it can lead to a ransomware infection, compliance breach, identity theft, and more.
To make matters more challenging, users are still adopting bad password habits that make it too easy for criminals. For example:
- 34% of people admit to sharing passwords with colleagues
- 44% of people reuse passwords across work and personal accounts
- 49% of people store passwords in unprotected plain text documents
Cloud accounts are more at risk of a breach than ever, but there are several things you can do to reduce the chance of having your online accounts compromised.
Use Multi-Factor Authentication (MFA)
Multi-factor authentication (MFA) is the best method to protect cloud accounts. While not a failsafe, it is proven to prevent approximately 99.9% of fraudulent sign-in attempts, according to a study cited by Microsoft.
You significantly increase account security when you add the second requirement to a login, which is generally to input a code sent to your phone. In most cases, a hacker will not have access to your phone or another device that receives the MFA code; thus, they won’t be able to get past this step.
The brief inconvenience of using that additional step when you log into your accounts is more than worth it for the bump in security.
Use a Password Manager for Secure Storage
One way criminals quickly get their hands on user passwords is when users store them in unsecured ways. Such as in an unprotected Word or Excel document or the contact application on their PC or phone.
Using a password manager provides you with a convenient place to store all your passwords. Password managers are also encrypted and secured. You only need to remember one strong master password to access all the others.
Password managers can also autofill all your passwords in many different browsers, making it a convenient way to access your passwords across devices securely.
Review/Adjust Privacy & Security Settings
Have you taken the time to look at the security settings in your cloud tools? One of the common causes of cloud account breaches is misconfiguration, which is when security settings are incorrectly set.
You don’t want to leave SaaS security settings at defaults, as these may not be protective enough. Review and adjust cloud application security settings to appropriately safeguard your account.
Use Leaked Password Alerts in Your Browser
You can have impeccable password security on your end yet still have your passwords compromised. It can happen when a retailer or cloud service you use has their master database of usernames and passwords exposed and the data stolen.
When this happens, those leaked passwords can quickly end up for sale on the Dark Web without you even knowing it.
Due to this being such a prevalent problem, browsers like Chrome and Edge have had leaked password alert capabilities added. Therefore, Chrome and Edge monitor passwords that you save in the browser; if found to be revealed, you’ll see an alert when you use it.
Look for this in the password area of your browser, as you may have to enable it. By doing this, you will know as soon as possible about a leaked password so that you can change it.
Don’t Enter Passwords When on a Public Wi-Fi
It would be best to assume that your traffic is monitored whenever you’re on public Wi-Fi. Hackers like to hang out in public hot spots in airports, restaurants, coffee shops, and other places to gather sensitive data, such as login passwords.
When connected to public Wi-Fi, you should never enter a password, credit card number, or other sensitive information. You should switch off Wi-Fi and use your phone’s wireless carrier connection. Alternatively, you can use a virtual private network (VPN) app, which encrypts the connection.
Use Good Device Security
If an attacker manages to breach your device using malware, they can often breach your accounts without a password needed. Consider how many apps can be opened if you are already logged in on your devices.
Ensure you have strong device security to prevent an online account breach through one of your devices. Best practices include:
- Up-to-date software and OS
- Phishing protection (like email filtering and DNS filtering)
Looking For Password & Cloud Account Security Solutions?
Don’t leave your online accounts at risk of data breaches. DreamIT Host can help you review your current cloud account security and provide helpful recommendations.
Click here to view DreamIT Host’s Web Hosting plans.
The article is used with permission from The Technology Press.