Cyber Security & Compliance   10/01/2014

The Cyber Report

By Data Patrol

Staying ahead of cyber-crime is more important now than ever

In this edition of your monthly newsletter, we look at the largest theft of digital data so far, safeguards against hackers and a few interesting articles from around the web.

As reported by Nicole Perlroth and David Gellesa in The New York Times, a Russian criminal organisation has got hold of the largest-known collection of stolen web credentials, including 1.2 billion username and password combinations, along with more than 500 million email addresses, according to security researchers.

So far, it is reported that those responsible for the theft have not sold much of the data online. Instead, it is believed that they are using the stolen information to send spam on social networks like Twitter under the direction of other groups and receiving payment for it.

Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites," said Alex Holden, the founder and chief information security officer of Hold Security, the organisation that discovered the records. "And most of these sites are still vulnerable." There is worry among some in the security community that keeping personal information out of the hands of thieves is increasingly a losing battle.

This sentiment was reinforced by Lillian Ablon, a cyber-security researcher at the Rand Corporation, who said, "The ability to attack is certainly outpacing the ability to defend,".*

In the wake of this data theft, we've set out some advice direct from Experian to help keep your identity safe while enjoying the value and convenience the web has to offer:

  • Online Passwords: Create unique passwords for each site you use. Passwords should have more than eight characters (ideally 10-12). Avoid using words from the dictionary, and enable two-factor authentication wherever possible.
  • Inactive Accounts: Shut down any online accounts you don't use. Each account we have contains valuable personally-identifiable information which could be used to commit fraud if it got into the wrong hands.
  • Emails: Don't be tempted to open emails from people you don't know. If an email seems suspicious, contact the relevant organisation and don't give out personal details.
  • Social Websites: Be sensible about the information you share. Don't add people you don't know and remember what you might consider to be unimportant information like your birthday, email address or location could all be misused if seen by a fraudster.
  • On the move: Be smart with your smartphone which can contain emails and apps that can be accessed without a password. Regularly clear the cache on your device, and disable auto-fill settings. Remember that public networks and open Wi-Fi hotspots are riskier than private networks so be conscious of what you access and remember to log out when finished.

Credit Wise: One of the first places many people notice that they have been the victim of fraud is by spotting changes to their credit report. So monitor your credit report and bank statement regularly as it will help you spot any suspicious activity as early as possible to avoid financial loss.