Cybercrime is more significant than ever, especially around the holiday season. According to a report by IBM, 2021 had the highest average data breach cost in 17 years. And you guessed it: compromised credentials were responsible for 20% of the breaches.
Making your passwords complex and changing them frequently are two of the few things you should keep in mind, but how often do employees do this? For that matter, how often do YOU do this?
The answer for many is: never. According to PCMag, 35% of people never change their passwords and only do so if prompted.
Here are the top password attacks you need to know this holiday season:
A brute-force cyber
Don’t use anything in your password that involves your personal information like a birthday or social security number.
Credential stuffing is a cyberattack similar to a brute-force attack. It relies on a similar trial-and-error method, but the attackers use stolen credentials to access your information.
These cybercriminals assume that you used the same password on multiple accounts and try to log in to those accounts with your compromised password. Never use the same password for your bank and social media accounts. Each account should have its own password, unique to that platform.
Automation only makes this system more dangerous.
A keylogger is spyware that records a user’s activity by logging keystrokes. Keystrokes are what you type on your keyboard on any platform, and attackers use this information to steal sensitive data. Whatever you type into your computer is recorded and used for identity fraud or theft.
These attacks are usually delivered through software, a phishing email or message, or a Trojan virus you unknowingly download. If you don’t know what the program or browser attachment is, don’t use it.
Keyloggers are difficult to track. Sometimes a slower computer and pop-ups are an indication of this spyware.
In a man-in-the-middle cyberattack, the attacker often poses as a third party and sends a phishing message to your phone or email requesting further information. Look out for fake addresses and spelling errors in your emails. Attackers may pose as your boss or friend, believing you’ll supply further information on the basis of trust.
They also come in the form of fake websites that harvest credentials and sell them on the black market after taking what information they need.
Phishing attacks send urgent messages to your phone, instant messenger, or email urging you to click on a link or fill out personal information. Once you have responded or clicked on the link, the attackers use the information collected to claim whatever confidential information they desire.
These messages might come from an email address close to that of a boss or close friend. They might even come from a Nigerian prince, pleading for a chance at love.
Whatever the case, read your messages and emails carefully. You don’t want to be stuck on the other end of this cyberattack.
How to Protect Yourself from These Password Cyberattacks
The best way to protect yourself from a password-related cyberattack is to lock down your logins. Here are the most effective methods for password cybersecurity:
- Enable two-factor authentication through your phone or an application
- Secure your router and do not indicate personal information around your router, like supplying your last name or street address
- Make a password that is at least 12 characters long and has random words or characters
- Have a different password for each account
- Keep your information in a password manager or a notebook separate from where you work
- Regularly check yourself on HaveIBeenPwned to see if you have experienced a data breach
Need An Expert?
If you need help recovering from a data breach or want to have a proactive partner in your cybersecurity, contact Go Kall IT for all your outsourced IT solutions. Start keeping your business safe today.