Press
4. 3. 2019

Be safe in the Cloud. Beware, top 10 worst passwords!

Nowadays, the rapidly growing impact of technology and the issues related to security and privacy, have a vast impact on our lives.

Every day, we share information knowingly or unknowingly, when using our mobile phones and computers. Some information may seem less important to us, but when connected to the internet, a detailed online profile of each person can be created. Do you know who can see your child’s photo after sharing it on a social network? Is it visible only to your friends or can it be seen by everyone? You wouldn’t show pictures of your child to everyone in person, would you?

News and media are almost daily publishing information about recent hacker attacks. The victims of these attacks were not only celebrities but also ordinary people. The latest cases of misuse of user data, for political campaign purposes, are also worrying.

Did you know, that every 39 seconds there is a hacker attack or that 95% of attacks are successful because of human factors?

Cloud services are also a common target of cyber attacks. Below we have listed major attacks launched in recent years:

  • Dropbox 2012 – 68 million stolen user accounts (mails and passwords)
  • Apple iCloud 2014 – Strongly mediated leakage of private photos of celebrities stored in Apple Cloud
  • Google Year 2017 – A large-scale phishing attack on Google docs users.
  • Facebook attack 2018 – 50 million had their user data stolen.

Hackers apply different types of attacks. For example, in a ransomware attack, user data is held as a hostage. The hacker either gets the data, or prevents the user from accessing the data, and makes it accessible only on the condition that the user pays for it. This type of attack has increased by 250 percent since 2017.

Phishing is also a very common attack. The goal of phishing is to get user sensitive information such as passwords, login names, or credit card information. The attacker disguises themself as a representative of the service the user uses, and sends a false text alert to try to force the user to click on the link in the message and enter sensitive information. These messages are used in addition to email, text messages or social media.

Protection starts with the user and his or her online activity and usage of the right tools. In the following sections, we will describe how to protect yourself, when using different cloud services. In conclusion, you will find our list of recommendations that can help you to protect yourself online.

Secure the cloud service through settings

All cloud services use a certain level of default security, but it is up to the user to fine-tune the security settings. Cloud services, contain a wide variety of security settings, below, are listed the most common:

  • Strong password – The first and basic level of protection is a password. A password prevents the attacker from accessing your data. When you create a password, make sure it is long enough (at least 8 characters) and contains different types of characters, i.e. small and capital letters, numbers and special characters. It is crucial to change the password regularly and it should never be the same password. Protect your password as you would your PIN number for your credit card. Find the inspiration what kind of password you should not create. These are top worst passwords of last year:

For further information click HERE. Keep in mind, that mentioned passwords are the first choice of the attacker when breaking into your account.

  • Two-factor Authentication – Another level of security can be the use of 2-factor authentication. When signing in, not only a password is required, but also another code is send to the second communication medium, such as mail, phone or application. In this case, if someone accidentally or intentionally gains access to your password, they will not be able to sign in; because they do not have a second code, for which validity is mostly time-limited.
  • Set up sign-in notifications – Most services allow notifications to be turned on when you first sign in from a new device or can show if someone has repeatedly attempted to sign in to your account by using the wrong password. You can also check when and from which device someone signed in to your account.
  • Deleting sensitive information – It is good practice to also check data stored in the cloud service. Do you have a bank account number, PIN, identity card scans, or very private photos in your emails? Take preventive measures to reduce the impact of any leakage.

 Basic safety rules to be followed by each user:

  • Use an 8-character password consisting of: small and capital letters, numbers, and special characters. Some services will warn you when your created password is weak.
  • Change your password at least once a year, or in the event you have a suspicion that your password was stolen, change it immediately.
  • Do not use the same password on different services.
  • If you log on to your account on an unknown machine, never choose the option to remember the password. It is good practice to use incognito mode so that the browser does not remember login details or visited sites history.
  • Do not subscribe to sensitive services (smart banking, health insurance) on an unverified network such as a public Wi-Fi.
  • If the service allows, set up a notification to sign in from the new unregistered device.
  • Check and set your sharing information settings according to your preference.
  • Install antivirus on your device. Several products are also available as free versions.
  • If you enter sensitive information on your site such as your name, password, card number, check the page link to see if it is a valid page, and whether it has a valid certificate and if the https protocol is being used.
  • If you receive an email from an unknown user informing you about an attack and requesting a password change, check on the Internet, to see if it really happened and if it is not just a false message from an attacker. An attacker will try their best to make the mail look trustworthy. In case you are not sure about the sender of the message, do not click directly on the link in this message and instead log in to the service and change your password there.

Article was published also at: Aktuality.sk, Teraz.sk, Nový Čas, Dobré noviny, Dnesky, Hlavné správy, 24hod.sk, Pán občan.