So why bother?

Banks always give us our money back instantly, so what else is there to lose online?

I don't use '1234' or 'Password1234' or any of those other silly passwords, so they'll never guess mine

All my stuff is locked away on my phone and PC at home. Nobody can get near it

It's all too much hassle having all those different passwords and all that. And who's going to bother trying to steal what I've got?

A fictional (but true-to-life) case study

There’s no doubt that most financial institutions are pretty quick to refund you first and ask questions later if money unexpectedly goes missing from your account – MOST of the time.

Strangely enough, it’s often not the banks, nor the money involved in a financial scam that causes you the greatest worry.

Let’s take a look at ShabbyMedia Inc, a fictional business caught up in an all-too-real event…

ShabbyMedia has more than 10m subscribers to its social media platform. Tucked away in its databases is the usual mix of email addresses, usernames, passwords, names, addresses, likes, dislikes, posts, educational history, employment history and so on – all the stuff that many of us are willing to share with “trusted” providers of social media platforms.

In March this year, ShabbyMedia discovered some “unusual activity” on its servers and contacted its entire userbase telling them that:

“out of an abundance of caution we have reset everyone’s passwords and urge you to consider doing the same across all your other online accounts.”

They were forensically investigating what this “unusual activity” was and would let their users know as soon as they found out more.

As it happened, they were able to go back to all their users at the end of April, when their exhaustive investigations had concluded, with the reassuring news that:

“although it appears that ‘outside agents’ had indeed gained illicit access to a very small part of our network, only approximately 350,000 users had their details compromised, and it looks like it was only their usernames, passwords and other non-financial data.

We have already contacted those affected in that way to help them remedy their situation.”

Cue huge sigh of relief and everyone moves on (particularly if you’re not in the 350,000 right?) …

But let’s just consider what those numbers actually mean, and what the very real and ongoing effects were …

The real-world implications for the 350,000

If you were one of those unlucky 350,000 to have had your details compromised, your first thought would probably have been something like …

Q1

So let’s follow that process and see how it plays out with some reasonable estimates along the way…

Q2

350,000 breached accounts becomes almost 1.9m in reality

  • “I don’t use silly passwords like password1234”
  • “What have I got that anyone would want to steal anyway?”
  • “Using different passwords all over the place? It’s too much hassle…”

Most of the time it’s our own apathy (the same password everywhere) that catches us out, not the fact that our personal details have been accessed without our permission.

It’s also worth bearing in mind that you can’t control whether your details ever get breached: that’s down to those you entrust them to, like ShabbyMedia. What you can control is how much damage a single breach is able to do.

In today’s world, having our details accessed without our knowledge or permission is just a way of life. It has almost certainly already happened to anyone reading this, and it will keep on happening.

Even if all you do online is run a single email account, and you buy things and pay bills on the high street or over the phone, all those places – shops, utility companies, banks, mortgage lenders, government departments – hold your details on their databases, and it is inevitable that some of them will leak, whether through an attacker breaking in or an employee’s mistake.

So … why bother?

Because, with a few very simple steps, you can enjoy all the convenience and benefits of the internet and massively reduce the risk of a breach at one provider exposing your log-in details and personal data everywhere else.

Just 2 simple steps would have limited the damage...

For the 210,000 ShabbyMedia users who re-used their log-ins on other accounts, two simple things would have contained the problem to their ShabbyMedia account alone and kept their details elsewhere safe from attack:

Q3

Step 1

By far the biggest help in limiting the damage in this particular case would have been using one password per site, account or log-in. Re-using the same password across accounts, or using weak (easily guessable) passwords, is the single thing that puts you most at risk online. Similar passwords count as re-used: to an attacker’s tooling, “Password1234” and “Password4321” are the same password, because the first thing a credential-stuffing run does with a leaked password is try its obvious variations (digits reversed or incremented, a capital letter, a “!” on the end, this year’s date).

Making that one single change to a unique, strong password for each account massively contains the risk of inevitable future breaches, as it limits the damage to one account only. A password manager does the remembering for you, which removes the “too much hassle” objection.

Step 2

If you’re not ready, or are unwilling, to commit to one unique, strong password per account, then take advantage of multi-factor authentication wherever it is offered (and use it even if you do: the two steps protect against different failures).

At least that way, if you absolutely have to recycle passwords over a number of accounts, you can rest more easily knowing there is another barrier between someone holding your leaked password and your personal data, money, files, photos or whatever else is stored online. An authenticator app is a stronger second factor than a code sent by SMS, but either is a big improvement over a password alone.
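As an added, runnable illustration of both steps (example code written for this page, not anything from ShabbyMedia, which is fictional): the first half shows why a password that differs from a leaked one only by case, a digit suffix or leetspeak is no safer, because a stuffing run derives exactly those variants; the second half puts a minimal RFC 6238 TOTP check in front of a password login, so a reused password on its own no longer gets an attacker in. The Account class, the variant rules and the sample password “Password1234” are assumptions chosen for the demo.

```python
"""Added example for the two steps above (not code from the page)."""
from __future__ import annotations

import hashlib
import hmac
import re
import secrets
import struct

# ---- Step 1: unique passwords, where "unique" excludes trivial variants ----

LEET = str.maketrans("4301$@!", "aeolsai")  # substitutions an attacker undoes first


def normalise(password: str) -> str:
    """Collapse case, a trailing digit/symbol run and leetspeak to a base word."""
    base = re.sub(r"[\d!@#$%^&*.]+$", "", password.lower())
    return base.translate(LEET)


def attacker_guesses(leaked: str, years=("2023", "2024")) -> list[str]:
    """Variants a credential-stuffing run derives from one leaked password."""
    base, digits = re.match(r"^(.*?)(\d*)$", leaked).groups()
    guesses = {leaked}
    if digits:
        guesses.add(base + digits[::-1])                              # 1234 -> 4321
        guesses.add(base + str(int(digits) + 1).zfill(len(digits)))  # 1234 -> 1235
    guesses.update(base + y for y in years)
    for g in list(guesses):
        guesses.update({g + "!", g.swapcase(), g.capitalize()})
    return sorted(guesses)


def is_trivial_variant(candidate: str, leaked_passwords) -> bool:
    """True if the candidate shares its base word with any leaked password."""
    return normalise(candidate) in {normalise(p) for p in leaked_passwords}


# ---- Step 2: a second factor behind the password check ----

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the current 30-second window."""
    return hotp(secret, unix_time // step, digits)


class Account:
    """Hypothetical account record: salted PBKDF2 hash plus an optional TOTP secret.
    100k iterations keeps the demo quick; production should use far more."""

    def __init__(self, password: str, totp_secret: bytes | None = None):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)
        self.totp_secret = totp_secret


def login(account: Account, password: str, code: str | None, now: int) -> str:
    """Return 'ok', 'bad password' or 'bad code'. Codes from the adjacent
    windows are accepted to tolerate clock skew; comparisons are constant-time."""
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), account.salt, 100_000)
    if not hmac.compare_digest(attempt, account.pw_hash):
        return "bad password"
    if account.totp_secret is None:
        return "ok"
    for skew in (-1, 0, 1):
        expected = totp(account.totp_secret, now + 30 * skew)
        if code is not None and hmac.compare_digest(expected.encode(), code.encode()):
            return "ok"
    return "bad code"


if __name__ == "__main__":
    leaked = "Password1234"                         # constructed: what left ShabbyMedia
    print(attacker_guesses(leaked))
    print(is_trivial_variant("Password4321", [leaked]))  # True: same password to an attacker
    no_mfa = Account(leaked)                        # same password reused on another site
    with_mfa = Account(leaked, totp_secret=secrets.token_bytes(20))
    print(login(no_mfa, leaked, None, 1_700_000_000))        # ok: reuse alone is enough
    print(login(with_mfa, leaked, "000000", 1_700_000_000))  # bad code: stuffing stops here
```

The TOTP routine reproduces the RFC 6238 test vector (secret `12345678901234567890`, time 59 gives `287082` at six digits), which is a useful sanity check when reading it; for a real service use a maintained library rather than hand-rolled code, and gate the variant check on a breached-password list rather than a single leaked string.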