By Christopher Budd, Director, Threat Research, X-Ops
The Internet has become a ubiquitous part of everyday life and while its advantages are numerous and far-reaching, we need to ensure we are protecting ourselves and our precious personal information while online. Just as you wouldn’t drive your car down the freeway without your seatbelt on, so too you shouldn’t hit the digital superhighway without the right safety measures to ensure you’re safe while navigating the Internet.
Safer Internet Day on February 6 is a timely reminder on how to protect yourself on the internet—notably the importance of strong passwords to prevent credential theft, which is used to break into corporate networks and escalate privileges to steal data and eventually launch attacks such as ransomware.
While we all hate passwords and think they’re a pain, they remain important. Even today we see major companies compromised because of bad password management by them or their staff. Using unique passwords for every site (or at least every important site) is still one of the best things you can do to keep yourself secure. In addition to using unique passwords, using a multifactor authentication app is a key step in securing your critical accounts and information.
The Sophos X-Ops’ Active Adversary Report found that in 2023, for the first time, compromised credentials – where a cybercriminal uses the log in details they have stolen to get into a business’ network – were the number one root cause of attacks that led to data theft and ransomware attacks, with more than half (56%) of the attacks analyzed linked to a name/password sign-information that wound up in unfriendly hands. That’s a 26% jump from 2022 to 2023.
It’s also important to remember the power of ‘no.’ The best way to protect your data and information is to not give it away in the first place. Just because a site asks you for your birthday, doesn’t mean they need it, nor are they entitled to it. Put simply, if a site or service doesn’t have your information, they can’t lose it, accidently disclose it nor can it be stolen from them.
If you just do just those two basic cyber hygiene things, you’ll be a long way towards keeping yourself safer online.