Analysis and Prevention of Account Hijacking
According to experts, passwords shouldn’t be the only way you defend your accounts. After all, hackers have plenty of tricks and tools to steal them. So to help businesses fully understand the risks involved, Google conducted a study on the causes of account hijacking.
From March 2016 to March 2017, Google and UC Berkeley researchers examined three main ways hackers hijack accounts:
- Keylogging software – a malicious program that records computer users’ keystrokes
- Phishing emails – to lead people into dangerous websites
- Stolen passwords – available to the highest bidder
In just one year, Google found 788,000 successful keylogging attacks, 12.4 million victims of phishing attacks, and 1.9 billion accounts exposed via login credentials sold on the black market.
Researchers suggest the reason so many accounts are hacked is because people tend to reuse their passwords, which means if one set of login credentials is exposed, other accounts could be compromised.
Phishing is also a big threat because it targets users — the weakest links in your cybersecurity. The strongest password or security system won’t mean anything if your employees constantly fall for online scams.
Protecting your accounts
There are several things you can do thwart account hijacking. For starters, you should set strong and unique passwords for each account to minimize data breaches.
While the general rule in the past was to set a complex password — a mix of letters, numbers, and symbols — recent studies suggest that longer, 20-character “passphrases” are much tougher to crack. If you find it difficult to remember several passwords, consider using a password manager, which not only stores all your passwords, but can generate strong passwords, too.
To deal with phishing attacks, you should activate multi-factor authentication on your accounts. This adds an extra layer of identity verification to your password (e.g., a fingerprint scan or a temporary security key sent to your phone), making your login details ‘unphishable.’
Security training is also crucial. This includes teaching your employees about what phishing attacks look like and instructing them on password protection best practices so they never fall victim to account hijacking.
The bottom line is not only that strong password security requires strong defense mechanisms; you and your employees must be vigilant, too.
Need more advice on keeping your business safe? Call us today! We provide critical security updates and comprehensive support services to help you stay well ahead of cybercriminals.