This blog from ScotlandIS member, Backup Systems, discusses the basic steps to securing your personal information.
With the digital world constantly evolving, new ways emerge for hackers to steal your information. If services don’t keep on top of their security, they can find themselves being targeted by hackers who are two steps ahead of you. People looking to exploit unpatched vulnerabilities will sniff out improperly protected services, stealing user data and selling it for easy money on the dark web. These are often known as data breaches, with users’ email and passwords being distributed along with various other users, depending on how much information the hackers stole.
With one account compromised you might be thinking to yourself, ‘it’s fine I can just change my password’. This is the first thing you should do if an account is compromised, but what the hackers are banking on is you using that same email and password combination for your other apps and websites. Compromising one password can be catastrophic, if you don’t use different passwords. Hackers could have your online banking and personal emails in the palm of their hand, leaving you with quite a mess to clean up.
Multi-factor authentication aims to combat this by requesting an additional form of data on top of your password, so even if someone does obtain your password, they will still need an additional code that only you should have access to, upon request. This can be done in various ways, such as an app like Google Authenticator, which generates a different code every minute, which you copy and paste when logging in, on top of putting your password in.
Microsoft Authenticator will notify through its app to the user to confirm that a login attempt is genuine, rather than sending the user a unique code. Then there is also email and text where rather than an app generating a new code every minute, the code is texted or emailed to you, with this code usually only being active for 1 – 5 mins.
At Backup Systems we too use multi-factor authentication for our Web portal that our customers use, so when it comes to downloading your backups, only you should be the one able to access them. This extra layer of security helps give our customers a peace of mind knowing that if their login is compromised, then the hackers would still need additional information that isn’t obtainable from an online data breach.