Is your account truly yours?


For financial professionals only

This is our latest article in a series putting the spotlight on Information Security. Here, Sarah Coles discusses the impact of account takeover and gives 5 top tips for preventing attacks.

Last year’s most common type of fraud was account takeover – a form of identity theft where attackers change sensitive account information and “take over”. This can have serious consequences for you both professionally and personally.

Imagine spending years building up your company’s social media presence, only for it to be taken and used to scam your followers. For example, an attacker could change your password, begin controlling your account, and post stories promising cryptocurrency giveaways. Your followers believe you’re posting and engage with the scam. Once they’ve lost money, it will be difficult to build your reputation again.

You may have moved personal photographs into the cloud to free up your smartphone’s storage. A compromised password may mean you’re locked out of that account, irretrievably losing the photographs taken over the years.

It’s not always strangers accessing your accounts. 57% of us share passwords with a “significant other”, with only 11% changing passwords after a relationship breakdown [1]. You should review recent activity of your sensitive accounts to see how frequently someone, or something, is trying to log in to your account. For example, my Outlook account recently showed 3 unsuccessful login attempts from Boston and Paris in just 3 days! My Netflix account revealed similar activity.

With 64% of consumers using username and password combinations to access their digital financial services accounts [2], the above ‘hacks’ are simple to execute by anyone worldwide.

Here are 5 top tips to keep control of your account:

  1. Set up multi-factor authentication (MFA)

With MFA, even if a remote attacker knows your username and password, they still need access to a second factor, such as a code sent to your mobile phone, to gain access.

MFA is simple to set up and should be enabled for your email, financial services, and health services at a minimum.

To learn more about MFA, take a look at our quick guide.

  2. Start using a password manager

The key to strong passwords is length. An automated tool takes 62 trillion times longer to crack a 12-character password than one with six characters, even if that shorter password uses a mixture of letters, numbers, or special characters.

Remembering long unique passwords is virtually impossible without the help of a password manager. Some common examples are LastPass, 1Password and Dashlane.

They are secure and encrypted, and you only need to remember the master password, so make sure it’s a good one!

  3. Stop reusing passwords

Reusing the same password greatly increases the risk of your accounts being compromised. Use your password manager and start setting unique passwords.

  4. Review account activity

The best way to tell if someone else is using your account is to review recent sign-in activity. This helps you to spot unusual activity, remove unauthorised devices or accounts and reset your password in a matter of minutes.

  5. Change your password straight away if you’re breached

Attackers often purchase stolen information online and attempt to log in. So you’ll need to act fast to secure your accounts and reduce the chances of identity theft.

Remember, setting up MFA will increase your account security.


[1] https://cdn.comparitech.com/wp-content/uploads/2020/08/password-sharing.jpg

[2] https://www.pymnts.com/authentication/2022/61-pct-consumers-willing-use-anything-but-password-access-online-accounts/#:~:text=In%20fact%2C%2064%25%20of%20consumers,analyzes%20responses%20from%202%2C719%20consumers.

This article is for financial professionals only. Any information contained within is of a general nature and should not be construed as a form of personal recommendation or financial advice. Nor is the information to be considered an offer or solicitation to deal in any financial instrument or to engage in any investment service or activity. Parmenion accepts no duty of care or liability for loss arising from any person acting, or refraining from acting, as a result of any information contained within this article. All investment carries risk. The value of investments, and the income from them, can go down as well as up and investors may get back less than they put in. Past performance is not a reliable indicator of future returns.  
