Account Compromise: How to Keep Your Accounts Safe from Hackers
From Facebook’s contentious data breach to LinkedIn’s data hack, the media has been flooded with stories about high-profile data breaches in recent years.
The Flutterwave incident of February 2023 received similar coverage: attackers reportedly moved ₦2.9 billion out of Flutterwave accounts, first transferring the money into 28 accounts across 63 transactions at 27 banks, some of them belonging to customers who had no part in the scheme.
LastPass suffered a second breach following its initial breach in August 2022. The attackers took corporate information, including customer data and backups of customers' password vaults (the vault entries themselves were encrypted under each user's master password, which is exactly why the strength of that one password matters so much). In 2023 LastPass disclosed that the attackers had also compromised a senior engineer's home computer and used it to obtain critical information available to only four employees. With this many account compromises in the news, you have to wonder whether your organization is vulnerable.
Unfortunately, the answer is yes.
It is easy to dismiss your civil society organization as uninteresting to threat actors, but not every attacker is after a quick profit. Organizations are also targeted for the sensitive information they hold, or as a form of protest (hacktivism).
Fortunately, there are a few security measures you can implement to reduce the likelihood of your accounts being hacked. We’ve compiled a list of our top five below.
5 Ways to Hack-Proof Your Organization’s Online Accounts
First, it is important to note that account compromises happen because of weaknesses in an organization's security policies, technologies, networks, and wider IT infrastructure, and in the habits of the people who use them. Applying the following measures will reduce your organization's exposure to attack and protect its sensitive records.
1. Use Strong, Unique Passwords for All Accounts
Sometimes the simplest security measures are the best. Setting up strong, unique passwords for each of your organization’s accounts is a frequently overlooked but very effective security exercise. You’ll be shocked by the number of account compromises that have occurred simply because a hacker could guess the password to an account.
As such, make it difficult for cybercriminals to gain access to your sensitive data by setting up strong passwords. By strong passwords, we mean:
This – “j57AB#Cq@^6GT9Fa” or “G!raffes are the most beautifu1 animals#”
Not – “iLovePeanuts”
Use a unique password for each site. The reason is simple: when an attacker obtains the password to one of your accounts, they will try the same email address and password on other services (an attack known as credential stuffing), and any account that reuses the password falls immediately. Creating strong passwords is not rocket science once you know what to include, which we cover in our guide here.
Pro Tip: strong passwords are hard to remember, so use a password manager such as 1Password or LastPass to generate and store a different password for every account. The manager's master password then becomes the one password you must make long and memorable, and the manager account itself should be protected with multi-factor authentication.
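As an added illustration of the advice above (this is example code written for this article, not a tool from the page), the block below generates passwords and passphrases with a cryptographically secure random source, shows the entropy arithmetic behind "strong", and applies a simple policy check that rejects the weak example and accepts the two strong ones. The word list and the policy thresholds are assumptions made for the example: a real passphrase generator should use a full list such as the EFF diceware list, and the 16-word demo list is far too small for real use.

```python
import math
import secrets
import string

# Printable ASCII letters, digits and punctuation: 94 symbols.
SYMBOLS = string.ascii_letters + string.digits + string.punctuation

# Constructed stand-in for a real diceware list (the EFF long list has 7776 words).
# Only 16 words, so passphrases from it carry just 4 bits per word: demo only.
DEMO_WORDS = ["giraffe", "lantern", "orbit", "velvet", "cactus", "harbor",
              "pixel", "meadow", "summit", "quartz", "ember", "tundra",
              "falcon", "marble", "nectar", "walrus"]

# Constructed list standing in for a breach-derived common-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome",
                    "iloveyou", "admin", "password1"}


def random_password(length: int = 16) -> str:
    """Password drawn uniformly from SYMBOLS using the OS CSPRNG (never random.choice)."""
    return "".join(secrets.choice(SYMBOLS) for _ in range(length))


def random_passphrase(words: int = 5, wordlist=DEMO_WORDS) -> str:
    """Diceware-style passphrase: each word chosen uniformly and independently."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(choices: int, count: int) -> float:
    """Entropy of `count` independent uniform picks from `choices` options."""
    return count * math.log2(choices)


def password_problems(pw: str) -> list:
    """Assumed policy (not the article's): returns the list of violations, empty if accepted.
    Long passphrases are allowed to use fewer character classes because their
    strength comes from length, not symbol variety."""
    problems = []
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears in common-password list")
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    classes = sum(1 for cls in (str.islower, str.isupper, str.isdigit)
                  if any(cls(c) for c in pw))
    if any(c in string.punctuation for c in pw):
        classes += 1
    if len(pw) < 20 and classes < 3:
        problems.append("fewer than three character classes and not a long passphrase")
    if any(pw[i] == pw[i + 1] == pw[i + 2] for i in range(len(pw) - 2)):
        problems.append("contains three identical characters in a row")
    return problems


if __name__ == "__main__":
    print("random password :", random_password(), f"({entropy_bits(94, 16):.1f} bits)")
    print("random passphrase:", random_passphrase(),
          f"({entropy_bits(7776, 5):.1f} bits with a 7776-word list)")
    for candidate in ("j57AB#Cq@^6GT9Fa",
                      "G!raffes are the most beautifu1 animals#",
                      "iLovePeanuts"):
        print(repr(candidate), "->", password_problems(candidate) or "OK")
```

A 16-character password drawn from 94 symbols carries about 105 bits of entropy and a five-word passphrase from a 7776-word list about 65 bits; both are far beyond what online guessing or offline cracking can reach, whereas "iLovePeanuts" fails the policy on character variety and, more importantly, is the kind of dictionary phrase cracking tools try first.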
2. Enable Multi-factor Authentication
Strong, unique passwords are an excellent first step, but they are not foolproof: a password can still be phished, guessed, or recovered from another site's breach. This is where multi-factor authentication (MFA, often called two-factor authentication) comes in. With MFA enabled, knowing the password alone is not enough to get into the account.
The second factor is usually a one-time code, either sent by text message to a phone number you register or generated by an authenticator app such as Google Authenticator. The app's codes are not random: they are computed from a secret shared with the service when you enrolled and the current time, so each code is valid for only about 30 seconds and is useless to anyone who captures it later. Text-message codes are the weakest option, because a SIM-swapping attacker can have your number diverted, and both kinds of code can be relayed by a phishing site in real time. Where a service supports them, hardware security keys or passkeys are the strongest choice, since they only work with the genuine site. Use the best option available, and at a minimum turn on MFA for email, finance, and administrator accounts.
Tip: Secure your devices. Make certain that your tablet, laptop, and smartphone require a password, pin, or biometric identification to unlock. Otherwise, you risk exposing your accounts to strangers if your devices are stolen or lost.
3. Keep Your Devices and Software Updated and Use Anti-Malware Software
Cybercriminals constantly look for flaws in applications and operating systems that they can exploit to gain access to your organization's devices and accounts. Knowing this, developers regularly release patches (updates) to fix those flaws. Ignoring security updates is akin to leaving your organization's door open for thieves to walk in.
Take software and device updates seriously.
The good news is that you don’t have to do this manually; simply set your software or device settings to update automatically, and you’ll always be using the most secure version available.
In the same vein, keeping anti-malware software installed and up to date on your devices is an excellent way to catch hidden malicious code, such as password-stealing software, before it can harvest your credentials.
4. Keep an Eye Out for Phishing Attacks
Phishing is a common method used by hackers to gain access to accounts. Phishing threat actors will pose as a legitimate company such as Facebook to trick you into giving them your login credentials or other sensitive information.
For example, you may receive an email containing a link that appears to come from Facebook but was actually sent by a criminal. Clicking it takes you to a fake Facebook page with a login prompt, and the threat actor captures your username and password the moment you enter them.
At this point, they have successfully duped you into providing them with your account information, which they can then use to gain access to your account at any time.
As a best practice, treat unexpected verification, password-reset, and "suspicious activity" emails with suspicion, especially when you have not recently tried to log in. Rather than clicking the link, open the service by typing its address or using a bookmark, and if you do follow a link, check that the address shown in the browser bar is the genuine domain and not a look-alike. See our detailed guide for more information on identifying and spotting phishing attacks.
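The "check the address" advice is easier to follow when you know the tricks a phishing link relies on. The block below is an added example (written for this article, not a tool from the page) that applies the checks a practitioner makes by eye: which host the link really resolves to once `user@` prefixes and ports are stripped, whether the genuine brand name merely appears as a subdomain of some other site, whether digits have been swapped in for letters, and whether the link uses a raw IP address, punycode, or plain HTTP. The URLs, the expected domain, and the confusable-character table are constructed for the example; real look-alike detection needs the full Unicode confusables data and a public-suffix list.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed confusable map: digits commonly substituted for letters in look-alike hosts.
CONFUSABLES = str.maketrans("0135", "oles")


def host_of(href: str) -> str:
    """The host that actually receives the request: urlsplit().hostname already
    drops any user@ prefix and :port; we also lower-case and strip a trailing dot."""
    return (urlsplit(href.strip()).hostname or "").lower().rstrip(".")


def under(host: str, domain: str) -> bool:
    """True if host is `domain` or a subdomain of it (label-aligned, not a substring test)."""
    return host == domain or host.endswith("." + domain)


def apparent_site(host: str) -> str:
    """Last two labels of the host: the site the user really lands on.
    Simplification: ignores multi-label public suffixes such as .co.uk."""
    return ".".join(host.split(".")[-2:])


def link_warnings(href: str, expected_domain: str) -> list:
    """Reasons a link that claims to be `expected_domain` is suspicious.
    An empty list means it really points at that domain over HTTPS."""
    parts = urlsplit(href.strip())
    host = host_of(href)
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https")
    if "@" in parts.netloc:
        warnings.append("user@ prefix: everything before '@' is not the host")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a domain name")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label: may be an internationalised look-alike")
    if not under(host, expected_domain):
        if expected_domain in host:
            warnings.append(f"'{expected_domain}' appears inside the host, "
                            f"but the site reached is {apparent_site(host)}")
        elif under(host.translate(CONFUSABLES), expected_domain):
            warnings.append(f"look-alike of {expected_domain}: digits swapped for letters")
        else:
            warnings.append(f"host is {host or '(none)'}, not {expected_domain}")
    return warnings


if __name__ == "__main__":
    # Constructed sample links, all claiming to be Facebook.
    samples = [
        "https://www.facebook.com/login",
        "https://facebook.com.security-alert.example/login",
        "http://www.facebook.com@login-check.example/",
        "https://faceb00k.com/recover",
        "https://203.0.113.5/facebook",
    ]
    for url in samples:
        print(url, "->", link_warnings(url, "facebook.com") or "looks genuine")
```

The second sample is the one that catches most people: `facebook.com` is right there at the start of the address, but label-aligned matching shows the request goes to `security-alert.example`. The third shows why the check must run on the parsed hostname rather than the visible string: the browser discards everything before the `@`.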
5. Learn to Spot Fake Applications and Software
When you install an app or other software, you grant it access to your data and often to other parts of your device. A legitimate app is relatively harmless, but if the software contains malware, things quickly turn ugly.
To avoid this, check that an app or software is not a forgery before clicking the download button. One method is to only download apps and software from official websites and app stores such as Google Play.
Another check is to look into the publisher or developer: if a quick search yields little information about them, or the publisher's name is unknown, walk away. Separately, check whether the installer is code-signed. A valid signature from a certificate issued by a third-party certificate authority (CA) ties the software to a developer whose identity the CA has verified and confirms that the file has not been altered since it was signed; an unsigned installer, or one whose signature fails to validate, should be treated as suspect regardless of how polished it looks.
On a Final Note
Keeping information systems secure is becoming increasingly difficult for modern organizations. As you become more reliant on technology to run your operations, the likelihood of a data breach rises. Attackers will use any means available to get into your accounts and profit from the data they find there.
How much harm can they cause? A lot.
Your best bet is to keep this from happening in the first place. Be proactive and follow the tips provided here. Additionally, consider developing a data security policy for your organization to ensure that cybersecurity best practices are followed organization-wide.