As news reports regularly indicate, cyber attacks on businesses worldwide are becoming increasingly frequent and severe. These incidents often result in data breaches, causing the exposure and/or theft of users’ personal information, such as passwords, credit card numbers and other sensitive information.
Although online service providers have an obligation to ensure that users’ transactions and data are secure, each of us is still responsible for protecting our login credentials and personal information to the best of our ability. Unfortunately, even following the rules perfectly may not prevent you from being breached.
By following cybersecurity best practices, you can minimize the likelihood of your account being individually breached. If this does occur, you can help minimize the damage by following several recommended steps.
Why is your information valuable?
Cyber attackers can inflict significant damage using minimal information. For example, many people use their email address as a password recovery mechanism for other accounts. If your email address was hacked, a criminal can potentially reset your other accounts’ passwords and make purchases in your name. They may also be able to access your private communications on social media and target your friends and family for similar purposes.
Stolen credentials can potentially yield huge financial gains, so it’s not surprising that they mean big business: reveals the growing market on the for breached login data.
What is ‘Have I Been Pwned (HIBP)?’ and how is it useful?
As mentioned earlier, even if you are vigilant in protecting your account data, be aware that no form of protection is 100% guaranteed, and the websites you frequent may still fall victim to an attack.
In 2021, the average person can own between 30 and 100 different accounts – so it is possible that some of them may become compromised at some point through no fault of your own.
The website (or HIBP, with "Pwned" pronounced either "pawned" or "poned") allows Internet users to check whether their personal data has been compromised by data breaches.
The service collects and analyzes information about billions of leaked accounts and allows users to search for their own information by entering their username or email address. Users can also sign up to be notified if their email address appears in future discovered breaches.
HIBP is a valuable resource for Internet users wishing to safeguard their personal information and security.
I found my account on HIBP. Now what?
If your email address appears on HIBP:
- Replace the password(s) of the account(s) specified.
- Also reset the passwords of your other accounts if they were using the same password as the one(s) that were compromised and ensure that they are unique.
- Enable 2FA for any accounts that support this method of authentication.
Note: If your email address was not found, it does not necessarily mean that it has not been compromised in another breach: "Absence of evidence is not evidence of absence".
While the HIBP website is a valuable tool, it likely contains only a small percentage of all breaches that have ever happened. Furthermore, you may not be aware that a breach has taken place until well after it has occurred, since in some cases HIBP may not obtain this information until months later. In addition to checking HIBP regularly, it is strongly recommended that you remain mindful of the information stored and collected by your various accounts and protect these by following cybersecurity best practices:
- Use your McGill password ONLY for your McGill account.
- Create strong, unique passwords for all your accounts.
- Two-factor authentication (2FA) on your McGill account.
- Minimize the amount of information you store on ecommerce sites where you have an account – you never know how secure these sites truly are.
How does McGill’s Information Security team keep you safe?
In addition to promoting best cybersecurity practices, McGill’s Information Security (InfoSec) team in IT Services monitors and identifies imminent cyber threats to the University’s data and network, thus enabling the timely prevention of attacks. In fact, in 2020 a threat intelligence service was launched that McGill and other organizations now use to proactively safeguard against cyber threats. Learn more about McGill’s Threat Intelligence service.
We recommend subscribing to HIBP’s notification service (see details below) and following best cybersecurity practices.
To use HIBP:
- Go to and enter your email address to see if it has been in a previous breach.
- To be notified of future breaches involving your email address, sign up to receive email notifications. If you use multiple email accounts, we recommend signing up for all of them.
If your McGill password has been compromised:
- Follow the steps in the IT Knowledge Base article.
- Stay vigilant: Do not reuse your McGill password for any other account and follow.
For more information about keeping your accounts secure, check out the following resources.