Last week, Yahoo confirmed that it was the victim of potentially the world’s largest cyber security breach which affected at least 500 million accounts. These data breaches affected the entire Yahoo group which includes Yahoo email, Flickr, and Tumblr. Personal accounts as well as business and even government accounts are now at risk. What we have learned from this catastrophe is that we individuals are not learning the lessons or putting what we know we must do to protect ourselves and our business into action.
While most companies that have been Yahoo’s shoes over the past several years in terms of online security breaches usually point to a state-sponsored attack, skeptics claim that this could just be a cover up for poor IT security. The problem with the majority of cyber security breaches is that the online criminals exploit known vulnerabilities where a security patch was not deployed or developed yet. Many of these attacks are preventable despite the growing numbers. With the world growing more reliant on digital in their lives, companies more often than not do not have adequate economic incentive to invest in proper IT security infrastructure. Many IT staff are not properly trained in cyber security or if they are, the skills are outdated. Consumers have to make a judgement call when it comes to sharing their personal information. This is a danger especially since the consequences of a cyber security breach is dire – such as autonomous vehicles or medical devices such as heart pacemakers or even prosthesis can be affected which can put human lives at serious risk.
There are also questions about how it took so long for Yahoo to reveal that it had been breached since it occurred in 2012. It is alleged that Marissa Mayer, CEO of Yahoo, knew about the attacks in July. This puts the potential Yahoo and Verizon acquisition on hold due to the public scrutiny and pitchforks of an the angry mob are surrounding Yahoo with United States Senator Mark Warner wanting the SEC to launch an investigation into the matter. While it is major, Yahoo is not alone. It took a whopping 4 years for Dropbox to even admit that it had been breached. That’s a long time for their customers to be left vulnerable!
That’s why individuals are lazy to accept minor inconveniences for better personal security. We willingly provide our personal information over social media, people can’t be bothered to install software updates for their operating systems or even their antivirus software programs. The most common passwords are easy like 123456 or abcdefg which any 5-year old could break into. Although encouraging individuals to be safe and imposing burdens on them is walking a fine line, both consumers, businesses, and governments have to realise that we are not invincible and we will be hacked if we don’t take care of ourselves. After all, for individuals – 1 in 5 Australians are hacked due to online banking, online shopping, and computer hacking. That’s a startling statistic. And with the information that has been stolen from Yahoo which are not limited to email addresses, names, addresses, and phone numbers – we are all at risk even if we haven’t used our Yahoo or Flickr account in years.
That’s why the Yahoo cyber security breach is teaching us the onus of our own cyber security is on us – not the IT guys. It’s a human problem.
What You Must Do Right Now to Keep Safe Online
1) If you have ever had any kind of Yahoo account, change your password. Go to your Yahoo account page, click on Account Security, and then Change password.
2) Pick a strong password that you are likely to remember. It can be a random nonsense phrase such as “YahooBreachSUCK3D!” which is unlikely for strong brute-force attacks to work on it.
3) Security questions were also revealed to hackers which is bad because people tend to choose the same security questions over and over again in each online account that they have. Yahoo recommends that you disable your security questions for the time being.
4) If you have used any of the same security questions on other websites, go to those websites and change them right now otherwise the hackers will use that same information against you to steal your identity and even your money.
5) Enable two-factor authentication on all your online accounts where available. Use BankVault for 3-factor authentication to keep you and your workplace safe for protection against computer hackers.
Finally, consider what information you do give over the companies that you have no control over. We trust the big guys like Apple, Yahoo, Microsoft, Facebook, Snapchat, and Dropbox to be secure when really they aren’t as secure as they could or should be. They have all been hacked in recent years, by the way.