Are you one of the Walking Breached?
A new F-Secure study reveals how people who used breached services — The Walking Breached — are significantly more likely to experience cyber-crime. For users with kids, the likelihood is even higher. Sadly, the numbers of The Walking Breached grow every day.
The finding that people who use breached services, especially if they are parents, become far more likely to experience cyber-crime should be a wake-up call. Securing not only their devices and accounts, but also the devices and accounts of everyone in their family, should be an immediate priority.
Data breaches fuel cyber-crime
In a recent F-Secure survey, 18% of respondents – nearly one in five – knew that they were using one or more online services that had been breached, placing them among the ranks of The Walking Breached. While that may just seem like a sliver of all Internet users, cyber-crime was clearly more common among these respondents. 60% of The Walking Breached, or 3 out of every 5, reported experiencing one or more types of cyber-crime in the 12 months prior to filling out the survey, compared with just 22% of other respondents.
The dynamics of a phenomenon called “account takeover” can help explain why breached users experience more crime. As soon as the credentials are discovered, attackers begin a process called “credential stuffing”, trying them out on tens of thousands of accounts with very little effort. When they succeed in taking over an account, they begin the process of monetizing it using various forms of fraud that are classified as identity theft.
People who reuse their credentials face greater risks of account takeover. Compromised credentials from a less secure site make getting into a secured one much easier.
Though good password advice has been widely available for most of this century — use strong, unique passwords for all accounts stored in a trusted password manager — too many people make life easy for cyber criminals. 39% reuse the exact same passwords on various online services. 57% reuse passwords with slight variations. Password habits are even more dismal for The Walking Breached. Half of that population, 50%, reuses the exact same passwords for different online services, apps, etc. And 69% – nearly 7 out of 10 – reuse passwords with slight variations
Parents suffer more breaches and cyber-crime
Unfortunately, one way to increase the risks of using the Internet, the report reveals, is to have a child.
22% of survey respondents with kids were using one or more breached services, compared to 15% of people without kids. And they were more likely to experience some sort of cyber-crime in the 12 months prior to filling out the survey—36% compared to 23% of respondents without kids. People with kids experienced nearly every type of cyber-crime addressed in the survey more often than their childless counterparts. Cyber-crime was also more common among The Walking Breached parents, with 70% experiencing one or more types of cyber-crime, compared to 48% of The Walking Breached without kids.
Some possibilities that put parents more at risk include:
- They have less time to mind security hygiene, which includes tactics like using a strong, unique password for all accounts and storing them in a trusted password manager or locker.
- Parents just have more things to secure – not just your own devices and accounts but their kids as well. And getting kids to follow security advice is often not easy.
- With kids, you’re likely to have a larger digital footprint, and more chances that personal info gets leaked online.
One of the challenges of being a good parent can be teaching a child to share. However, online sharing may not be caring. This includes sharing passwords between accounts and between family members—or anyone.
How to avoid becoming one of The Walking Breached
The Walking Breached reveals how Internet users are stuck between a proverbial “rock” and a “hard place.” They rely on online services for more of their lives and they must trust these services to preserve the security of their personal information. The reports lays out several recommendations for protecting accounts before and after a breach, including:
- Make the effort to use strong, unique passwords.
- Do not volunteer private information.
- Whenever possible, go beyond passwords with 2-factor authentication.
- Monitor the integrity of personal information by using Hawaiian Telcom SafeGuard to keep track if your data has been exposed online.
- Stay on top of your accounts by checking statements and activating any alerts financial institutions offer.
- Do not underestimate exposure to threats, as accounts are quickly opened and may be forgotten just as quickly.
People have to be aware that no one will do more to protect their data than they will. Preparing for the worst—a breach of personally identifiable data—requires taking the best available steps to lock down personal information and the accounts that hold that information.