Do Your Employees Understand How to Combat Cyber Fraud? (Start by Using Strong Passwords)
Stories continue to emerge about cyber security breaches that let hackers gain access to sensitive commercial and private information.
A recent report shows that something as simple as a reused password can expose a business to cyber fraud. Employers should be vigilant to ensure that their staff are trained on cyber security so that risks such as these are minimised.
Research released by RepKnight, a data monitoring company, revealed that thousands of email addresses and, in some cases, the associated passwords are available on the Dark Web (which, very roughly speaking, means those parts of the web not accessed through Google).
Weak Passwords Increase the Risk of Being Hacked
In an activity known as 'credential stuffing', criminals will use those passwords to try to access multiple other sites such as PayPal, Amazon and so on. If the available passwords have been used multiple times, the criminals will gain access to and control over the accounts on those other sites – and can then steal valuable information.
If the account owners have also used these same passwords to enter their computer systems at work, this is a particular problem for businesses. Criminals can use these passwords in 'phishing' or other scams to access company networks and steal sensitive information like employee data and customer lists.
In its report, RepKnight were highlighting the number of law firm addresses and passwords on the Dark Web. RepKnight did confirm that none of the law firms it had found had, so far as they were aware, been hacked. Nor had client data been breached.
However, as RepKnight made clear, all businesses, not just law firms, are at risk of security breaches. They were focusing on law firms for their report because they were about to do a conference for law firms.
What do Criminals Do if They Find Out (or Work Out) Your Password?
Once in possession of your password, a criminal can:
- access your bank account;
- use your money to purchase goods online;
- send emails in your name (to get others to release sensitive information);
- impersonate you on social media (with potentially reputation-damaging consequences); or
- access your computer to see private information held there.
Everyone Needs to Focus on Better Security
Everyone can better protect themselves from hackers by taking a few precautions:
- Use different passwords – do not repeat them or use the same password on multiple websites. In particular, do not use passwords on work-related websites that you have used before or used on personal sites;
- Read government advice on passwords, some of which is available here: https://www.cyberaware.gov.uk/passwords and here: https://www.getsafeonline.org/protecting-yourself/passwords/
Don't forget to be vigilant when reading your emails. If an email looks suspicious, do not click on any links.
Employers should review their cyber security training programmes and ensure that employees are reminded of the risks, and reminded to change their passwords regularly.
You can read more tips for cyber security here: Tips on protecting your business from cyber security breaches.
Contact
For further information, contact Susan Mayall on 0161 684 6948 - or make an enquiry.
Sources
- RepKnight report
- Government guidance (see links above)
Please note that the information and opinions contained in this article are not intended to be comprehensive, nor to provide legal advice. No responsibility for its accuracy or correctness is assumed by Pearson Solicitors and Financial Advisers Ltd or any of its members or employees. Professional legal advice should be obtained before taking, or refraining from taking, any action as a result of this article.