Experimental feature

Listen to this article

00:00
00:00
Experimental feature
or

There are no equivalents to highway codes, nutritional guidelines and movie-style ratings systems to help people make safe choices on the internet.

Many consumers feel hopeless and helpless, as retailers, healthcare providers and governments lose millions of records and hackers steal their identities to make fraudulent transactions. Senior businesspeople may be among the most at risk because of their wealth or because they may have access to commercially sensitive material.

Current forms of cyber security protection, particularly for individuals, are not keeping up with wily hackers, who are able to change tactics quickly.

Jay Kaplan, chief executive of Synack, a security start-up, says people should prioritise monitoring how their information is being used, because they have to assume it has been stolen by someone.

“It is inevitable,” he says. “Everyone needs to take a stance that eventually their information will be compromised unless they live under a rock and never share electronically. Even then, it is impossible, given they do things such as file tax returns.”

Regularly checking your personal credit rating is the best way to keep track of financial fraud, but it is harder to monitor how hackers are using healthcare data or how identification such as social security numbers in the US or national insurance numbers in the UK, that are used to access myriad sensitive accounts, may be being misused.

Mr Kaplan says companies’ and government agencies’ dependence on this form of identification and other easily discoverable identifiers such as names, addresses and dates of birth, is archaic and no longer secure.

He recommends companies come up with a more secure authentication system and that consumers use two-factor authentication, where a password is used in conjunction with another randomly created code, often sent by SMS or generated by an app.

Vince Steckler, chief executive of Avast, an antivirus software maker for consumers, says people become scared when they see thefts of individuals’ data from companies such as Target and Home Depot, the US retailers. But he adds they really need to worry about how much data they share voluntarily online.

“Users probably give far more private information about themselves through their normal use of the internet — Facebook, WhatsApp, just about any kind of app on a phone or computer,” he says. “They give up a massive amount of personal information. The biggest threat to people’s privacy is just the legitimate stuff they are using.”

Hackers often use publicly available data about people that is on the internet to “socially engineer” contacts, pretending to be someone users know or trust in order to get them to download an attachment or click on an infected link. Or they can use online information on friends and family members to answer the questions that might be used to access password codes.

“On a public profile, people have where they are born, what university they went to, who their family members are, what city they live in. All that information can be used to get more private pieces of information such as social security numbers, addresses and phone numbers,” Mr Steckler says.

People should be aware of what information is available about them online and be suspicious when they receive emails from unknown senders. When clicking through to another site from an email, do not enter personal details as it could be a fake domain. Instead, search for the site on an independent search engine and log in from there.

Senior managers and executives in organisations may be even more at risk, cyber security experts warn, as hackers will presume they have good credit ratings or perhaps access to confidential work files while working remotely.

Tony Anscombe, head of free products at AVG, a security software maker, says consumers need to think about forgoing some convenience in return for better security. When shopping online, he recommends people use the option to check out as a guest to restrict the number of ecommerce sites that store their details.

“One of the first things I suggest to anyone is you can type in your credit card details each time you make a purchase. It is only a 16 digit number, it is not too complicated,” he says.

He adds that consumers should use different email addresses for different purposes, such as shopping and banking, so hackers cannot match an email stolen from an ecommerce website to one from a bank. Emails from more than one address can be directed to the same device, so this should not be too inconvenient, he says.

Other basic steps that Mr Anscombe recommends include checking your social media settings to make sure you know what you are sharing, turning off facial recognition so that you do not get tagged in photos without your permission and using different and complex passwords for each account.

“Every time you write something down that is personal, think: Who is storing it, where is it being stored and why am I sending it to them?” he says.

Copyright The Financial Times Limited 2017. All rights reserved.
myFT

Follow the topics mentioned in this article

Follow the authors of this article