Only 30% of us use a unique password to protect our information [1]. This is no surprise, given the average person uses over 100 sites and services [2]. And while you probably realise the risks, it’s easier to recycle an old password to access your account quickly.
You might also view certain sites as low risk. What would an attacker want with my HelloFresh account? However, this could be an attacker’s route to more valuable information. Once a website is compromised, account details are often sold online. Attackers know we reuse passwords, so they try logging in with these credentials across other sites, such as your email account.
Credential phishing – an attack aiming to steal your account username and password – accounted for nearly two-thirds of all malicious messages sent in 2021 [3], and with the Russian invasion of Ukraine increasing the risk of cyber attacks, it’s vital to protect your information.
Cyber security is a life skill
You may feel overwhelmed and unsure where to start, so here are five actions to help. By implementing just one of these, you’re on your way to better security.
- Use Multi-Factor Authentication (MFA) wherever possible – focusing on high-risk accounts first.
- Use a password manager to help you set unique passwords – there’s no need to remember them, and plenty of free versions available.
- Avoid using shared credentials – this makes it difficult to identify who’s accessing the account and increases the chances of the password being shared further.
- Keep shared passwords updated – if you must use shared passwords, make sure you change them when employees leave or relationships break down.
- Apply security updates when prompted – don’t ignore your mobile phone updates!
What is “Multi-Factor Authentication”?
Only 28% of UK businesses cover Multi-Factor Authentication (MFA) in their security awareness training [1], so you may be wondering what it is.
MFA, also known as Two-Factor Authentication (2FA), requires more than one authentication type for access. Imagine a safe in your house with valuable possessions inside. The safe is protected with a code, providing one layer of security. If someone guesses or gets hold of that code, they can open it. To add an additional layer (MFA), you could buy a safe with a fingerprint scanner. Now an attacker needs access to the code and your fingerprint.
With MFA, even if an attacker convinces you to enter your credentials into a phishing site, they still need an additional piece of information to access your account, such as your fingerprint or one-time mobile passcode.
MFA underpins most banking apps and is also available at Parmenion. There are resources online which show you how to enable MFA on Amazon, Apple, Dropbox, Google, LinkedIn and plenty more. It only takes around 10 minutes and is well worth your time – I’d recommend prioritising email accounts. Many services allow you to reset passwords via your email account, so activating MFA prevents an attacker accessing your inbox and resetting services tied to your email account.
What’s coming next?
In my next article, I’ll discuss the benefits of using a password manager in more detail!
[1] https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-state-of-the-phish-2022.pdf
[2] https://tech.co/password-managers/how-many-passwords-average-person
[3] https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-human-factor-report.pdf