With hacks and data breaches making the news on an almost daily basis, the words “hack” and “breach” may seem interchangeable. However, although there may be some overlap, there are key differences between the two. With the privacy of their online information almost constantly at risk nowadays, consumers should know what they can do to help ensure its protection.
But how can consumers better protect their online identities? What should they do when they hear of a hack or breach at a company that they know they use? It’s first a good idea to know the difference between, and the implications of, a hack and/or a breach – the rest follows on from there.
What is a hack?
Simply put, a hack is an intentional attack perpetrated by a malicious actor to gain unauthorised access to a protected system such as an employee’s computer, a personal mobile device, or even a company server, with the intention of stealing private information or holding that system to ransom. The WannaCry ransomware attack that crippled the NHS in May 2017, for example, encrypted important files, threatening to destroy them unless a payment was made in Bitcoin.
Hacks can be carried out by lone wolves, or by organised groups of attackers, each employing different tactics. Some will use sophisticated hacking techniques, for example, while others will rely on software programs to do the work for them.
It’s important to note that hackers aren’t all criminals, of course. Indeed, many companies employ penetration testers, or white hat hackers, to test their own defences and identify and fix vulnerabilities. However, if a company or service does get hacked, it’s generally bad news, even if your own private information escapes compromise this time around.
What is a data breach?
A breach occurs when data, unintentionally left vulnerable in an unsecured environment, is viewed by someone who should not have access to it. While hacks are the result of malicious behaviour, data breaches are more often down to security vulnerabilities that arise from negligence, human error, or non-malicious behaviour.
Equifax is the biggest example of this in recent memory: the breach occurred when a vulnerability in the Apache Struts framework was exploited, arguably leaving the data unintentionally at risk.
With hacks and breaches on the rise, it’s often difficult to stay calm and not fret when companies alert us to a hack or breach occurring. However, there is an easy way to provide yourself with a strong first line of defence. It begins with the password.
The rise of the digital identity
Passwords are to the digital age what seatbelts were to the auto industry. They protect your identity, finances, and other critical personal information and, with most of this information now being stored online, they are a crucial part of everyone’s digital identity.
However, while passwords have been used for hundreds of years in one form or another, and show no signs of slowing down, they can be flawed. We can be extraordinarily uncreative when it comes to passwords, and this is down to the sheer number of them that we have to create – sometimes on a daily basis. We are using more and more online accounts in our everyday lives – the average person has more than 90 apps installed on their phone, using around 9 per day and 30 per month. Historically, figures show that the number of online accounts that we use on a day-to-day basis – online tax forms, takeaway food accounts, even online contests and company newsletters – tends to double every five years.
Creating unique, secure passwords for all of these accounts is nigh on impossible, so most of us react with indifference and tend to use the same password everywhere. This approach is fine, until we get hacked. Instead, technology should be used to its fullest to create the strongest passwords possible, to protect ourselves as best we can.
The majority of notable breaches stem from password hacks; an employee who uses the same poor passwords for both personal and work accounts puts their entire organisation at risk.
It’s critical, therefore, that companies educate their employees on how to manage their passwords and provide them with tools that make secure password management simple and effective. Business leaders need to instil the thinking that all workers are part of the front line of protecting their companies from hackers and security threats.
Protecting your own identity
Our identities are becoming increasingly digital, and the effects of a hack or a breach can impact businesses and consumers alike. With the majority of data breaches being down to poor password hygiene, proper password and identity management discipline at every level of the business is greatly needed. Only then will the business world, and by extension the consumers that rely on their services, become more adept at managing their own online security and make the digital world a more secure place.
Password hygiene isn’t just for when you are hacked; it is for the everyday use of the internet, whether at home or at work. You may not be able to control the security architecture of the digital services you use every day and that hold so much of your data, but you can take steps to protect your own digital identity in this increasingly online world. When this happens, by extension, everyone else’s identities become safer too.
Emmanuel Schalit, CEO of Dashlane