I KNOW YOUR PASSWORD
OK sorry I lied but wanted to grab your attention its very important, I don’t personally know it, but potentially there’s plenty of people or autobots who do. Read On to find out more. It could save you thousands. Plus, there is free offer at the bottom for our clients.
Humans by their nature are habit forming in the main, lots of things we do, we do the same at each place we go. So, passwords and usernames are not really any different.
Most people will use the same password at multiple sites and locations. Or use the same pattern. So, chances are your Amazon password is the same as your eBay password or your sports club online booking system. Maybe you increment your password each reset or use a name with a number in it.
Problem is the systems we use online are used by scammers to trick you into revealing your password, also Hackers use exploits to hack and gain data from systems you have subscribed to. For example LinkedIn had a data breach in 2012 and if you were a member prior to June that year and still use the same password you used there now, say at amazon, then potentially people could log into amazon as you and then worse buy something expensive and post it to a dubious address.
Then we have the emails we receive into are inbox every day. Scammers want your data, so they pretend to be something there are not. We have all seen these and think we won’t be tricked. But we are busy, we might not notice that update your personal info request you received from the TV licensing website or your bank, or PayPal. The list goes on, actually contains a link, that when you click on it takes you to a site that looks so realistic. You log into it. Only it fails, and you think whoops “I typed my password wrong” So you try again, and it lets you in, happy days. Or so you think, and you forget about it.
BUT here’s the thing. It might have been a genuine email, so your safe. But very high chances are it was a fake email. It had a link that said Amazon.co.uk. but underneath it took you to amazinn.co.uk. It looked the same at login and you didn’t notice the address in the address bar. Only when you logged in and it failed, it captured your username and password, then redirected you to the real amazon website where you then logged in. Worrying isn’t it?
Those usernames then might be used at a later date to gain access to amazon or other sites and used for financial gain. Or they might sell this data on the Dark Web for a 1$.
So, what if you Staff at your work use their work emails and passwords in their personal lives? What if their amazon account username and password actually let them log into your corporate cloud Dropbox for example? What if it lets them log into your Email system and gain access and scrape out all your contacts, and then send an invoice out to your clients with a fake bank account? Nightmare, GDPR and ICO issues will follow.
So, you’re thinking, “this won’t happen to me or my business, I am far too sensible and security conscious, my staff are too sensible too, so we are ok”. Well ask yourself how many good people and intelligent people you know or have heard of, have said they have been hacked and had money taken from them or paid money out thinking it was a real request. Chances are they haven’t been hacked or specifically targeted, they have just either given their details away as part of a “phishing” technique or have had their data leaked from a system they used at some point and the password is still the same. Such as the LinkedIn example previously discussed.
Here at iNTALECT we want you to be secure in business and at home. Everything we do in our Managed Business IT Support is focused around being Cyber Security Secure. We use specialist products for our clients to make sure they are as secure as they can be for their budget. Having a password policy doesn’t cost a penny. Using 2FA at work if you have a mobile phone doesn’t cost anything usually. In fact, you can turn it on right now at Amazon, PayPal, eBay and loads of other websites you use every day for free. If you don’t know what 2FA is let me know and I can explain. But I will write another article soon.
At iNTALECT we can scan the Dark Web continuously to look out for data breaches and if your credentials and your staffs become available online then we alert you. We can do this for free for our clients who subscribe to our Enhanced Desktop Support with ATP on Email. We just need your permission to do this. If you don’t take those services, we bill this as monthly service. Its low cost and could save you thousands. It will also scan your personal accounts as well for key people in your business. Say the Chairman’s iCloud or Gmail account.
Action to take from this:
- Turn on 2FA where possible both in work and personally
- Change your passwords and use secure passwords. Set a company Password policy, and implement it. Need help with that? then we can help.
- Don’t share your passwords with other people. As that person might get scammed
- Send me an email / message asking me to activate your Dark Web Scanning.
- Be super careful when clicking on links on emails. To see what is really is hover over it and it should show you the link, If not sure copy it with a right click and paste into Notepad / TextEdit and then look carefully at the address.
- Ask the iNTALECT Helpdesk, log a ticket. Get a second opinion.
- Share this article from the links below on social media, and you could save them thousands. Forward to your work colleagues, Friends.
Get in touch with iNTALECT if you’re looking for a new IT partner who is Cyber Security focused. Contact us today, and ask how we can help to protect your business
Some of the Services we offer include:
- Managed Business IT Support with Cyber Security
- Cyber Essentials Certification
- Network Audits
- Email Filtering with Advanced Threat Protection
- Dark Web Scanning
- Email Vulnerability testing on your staff
- Ransomware Protected Data Storage
- Office 365 and Azure Migrations
- Disaster Recovery and Backup Solutions
- Firewall / UTM as a Service with WatchGuard
- Desktop Threat Management with SentinelOne
- Patch Management and advanced Anti-Malware solutions