How can I protect my personal data easily and effectively against access by cybercriminals?
Digital blackmail, data theft through social engineering, identity and password theft through phishing, and the mass remote control of computers (so-called botnets) are areas of crime that are growing continuously as hardly any other area does. According to a representative survey of 1,017 Internet users conducted by the German Digital Association Bitkom in October 2017, every second Internet user (among the German respondents) had been a victim of cybercrime in the preceding 12 months. Only one in six respondents filed a criminal complaint with the police. Moreover, Europol’s 2018 Internet Organised Crime Threat Assessment (IOCTA) highlighted that, while data is the lifeblood of almost every industry and thus a highly valued asset of the digital society, more than 55% of member states have reported investigations into some form of network attack. Although Germany’s police crime statistics show a rising number of cybercrime cases, the number of unreported cases is probably much higher than the 251,617 cases associated with online crime in 2017. The resulting damage runs into billions, and the trend points in only one direction: upward. Precise figures cannot be given, as many cyberattacks are discovered very late or not at all.
The decisive factor in most successful cyberattacks is still the human one. Technical protection can be as good as you like: when people fail at critical points through carelessness or negligence, it is worthless.
How can an ordinary citizen increase their protection so as not to become easy prey? One measure, for example, is password management.
The number of our online accounts has grown dramatically in recent years. Listening to music, preparing the next trip, getting the right outfit for a wedding, shopping for groceries, transferring money for a group gift: nowadays, almost everything is possible online. Every new online service we use requires an account and therefore a password, and this is where the problem starts. There are daily reports of cybercriminals who have succeeded, in different ways, in accessing customer data. The small details often play a bigger role than the major systematic weaknesses. Effective password management can help raise the bar for criminals and make user accounts more secure.
Man is a creature of habit, and this is apparent in the selection of passwords. A recent study conducted a comprehensive empirical analysis of password reuse and produced some disturbing results. In “The Next Domino to Fall: Empirical Analysis of User Passwords across Online Services”, security expert Wang and his colleagues analysed password reuse and change patterns by examining a record of 28.8 million users and their 61.5 million passwords across 107 services over an eight-year period. The records had previously been stolen and made publicly available. By matching email addresses, the researchers were able to compare the different data records and thus the passwords assigned to them. One of the most striking findings was that 38% of users reused their passwords at least once across two different services and a further 21% only slightly modified them. The study further shows that passwords remain in use for years even after a data theft, and that modifications are easily predictable because they vary so little. Experts repeatedly warn against simple passwords that are easy to guess or that can be cracked relatively quickly using specialised algorithms. One password, many accounts. This problem is not confined to our private accounts: for reasons of convenience, the passwords we use for professional purposes usually differ little from them.
In recent years, there have been reports of gigantic data leaks, including at such well-known names as MySpace and LinkedIn. Multiple use of passwords poses a high risk for Internet users and can have far-reaching consequences. Whether your password is still secure or already circulating on the net can be checked, at least in part, on haveibeenpwned.com.
The database holds more than half a billion passwords that have already been compromised in data breaches. If your password appears in it, you should change it immediately and avoid using it in more than one place. However, if you are among those who use simple combinations such as “123456; password; qwerty; hello; login; 121212; master”, which several studies have identified as the most commonly used insecure passwords and which invariably occur in published records of stolen passwords, checking is unnecessary. If you use passwords of this kind, anyone can gain access to your account(s).
You should therefore respect the following rules of thumb:
- use passwords with multiple characters, if possible 10 and more;
- do not use names and birth dates of friends and relatives or of places and companies with which you are connected;
- combine letters with numbers, uppercase with lowercase, special characters with punctuation;
- try, if possible, to change your password every few months and avoid making only slight modifications;
- use two-factor authentication (offered by many online platforms) to prevent criminals from gaining direct access to your account by stealing your password.
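As an added example that is not part of the BIGS article, the following Python script turns the rules of thumb above into a local check and also demonstrates the check against haveibeenpwned.com mentioned earlier. The Pwned Passwords service accepts only the first five hex characters of the SHA-1 hash of a password (its range API at api.pwnedpasswords.com) and returns every matching suffix with a breach count, so the full password or hash never leaves your machine; the function names here, the personal-term list and the sample range response are my own constructions, and the script runs entirely offline against that constructed response.

```python
"""Password hygiene checks (added example, not the article's or the BIGS project's code)."""
import hashlib
import string

# The insecure passwords named in the article; a real check would use a far larger list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "hello", "login", "121212", "master"}


def check_rules(password, personal_terms=(), min_length=10):
    """Apply the article's rules of thumb. Returns a list of violations (empty = all pass).

    personal_terms: names, birth dates, places or companies connected to the user
    (supplied by the caller; the article says these should not appear in a password).
    """
    problems = []
    lowered = password.lower()
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("is a commonly used password")
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains personal term '{term}'")
    classes = {
        "lowercase": any(c.islower() for c in password),
        "uppercase": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(c in string.punctuation for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))
    return problems


def edit_distance(a, b):
    """Levenshtein distance, used to flag a 'slight modification' of an old password."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_slight_modification(old_password, new_password, max_distance=2):
    """True if the new password differs from the old one by only a few edits."""
    return edit_distance(old_password, new_password) <= max_distance


def split_hash(password):
    """SHA-1 of the password split into the 5-char prefix that would be sent to the
    range API and the 35-char suffix that stays local (k-anonymity lookup)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range_response(password, response_text):
    """Search a range response (lines of 'SUFFIX:COUNT') for the password's own suffix.
    Returns the breach count, or 0 if the suffix is not listed."""
    _, suffix = split_hash(password)
    for line in response_text.splitlines():
        found_suffix, _, count = line.strip().partition(":")
        if found_suffix.upper() == suffix:
            return int(count)
    return 0


# Constructed stand-in for the body the range API would return for prefix 5BAA6.
# The middle line is the real suffix of SHA-1("password"); the counts are made up.
SAMPLE_RANGE_RESPONSE = """003D68EB55068C33ACE09247EE4C639306B:3
1E4C9B93F3F0682250B6CF8331B7EE68FD8:123456
012C192B2F16F82EA0EB9EF18D9D539B0DD:4
"""

if __name__ == "__main__":
    for pw in ("password", "Summer2018!", "Tr0ub4dor&3xample!"):
        print(pw, "->", check_rules(pw, personal_terms=["Summer"]) or "ok")
    print("slight modification:", is_slight_modification("Summer2018!", "Summer2019!"))
    prefix, _ = split_hash("password")
    print(f"would query range {prefix}; breach count:",
          count_in_range_response("password", SAMPLE_RANGE_RESPONSE))
```

To run the lookup for real, fetch `https://api.pwnedpasswords.com/range/<prefix>` with the prefix from `split_hash` and pass the response body to `count_in_range_response`; the password itself is never transmitted. A breach count above zero means the password should be changed everywhere it is used, and `is_slight_modification` guards against the predictable small changes the study found.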
If you follow these rules, misuse of your accounts may not be completely ruled out, but you will significantly reduce the risk.
We wish you a safe week!
This article has been written by project member BIGS, Brandenburg Institute for Society and Security. BIGS is an independent, non-partisan non-profit institute in Potsdam with the mission of building bridges between theory and practice to improve research in civil security through a multi- and interdisciplinary approach.