Keeping Your Online Accounts Safe – The Adobe Debacle
The importance of secure passwords and regular back-ups
My day has been delayed somewhat thanks to Adobe – the makers of web and print design software. Thanks to their insecure data storage, 2.9 million user accounts were hacked, resulting in the loss of personally identifiable data including addresses, passwords and bank card details – our business account included. They advise that critical data was encrypted, but having spoken to their customer support today and having been met by chaos and confusion, frankly I don’t trust that. Consequently, I personally spent three hours this morning painstakingly going through all of our data to make 100% sure that none of the compromised details had been used elsewhere.
Fortunately our own strict policies meant that we could relatively quickly isolate the problem to the Adobe account and then contact our business bank to have the potentially compromised card cancelled. So thanks Adobe and we’ll be sending a bill….
What did we learn from this?
The key learning point from Adobe’s incompetence is that you can’t really rely on anyone 100% to protect your data – even large business institutions who you really would consider to be safe. So you need to make sure your own procedures are robust so that you can quickly “lock-down” and recover from any issues caused by third parties. Fortunately our own internal procedures allowed us to minimise any collateral damage caused by their breach. This starts with robust password discipline.
Control your passwords
When you set a password for an online account or even your home network, don’t be lazy. Make sure it’s robust using lots of upper and lower case letters, numbers and symbols.
Sadly, most people, including some of our dental clients, just don’t do that. Don’t use the same password for different accounts – this is very important. Hackers are switched on and once they have your data, they will look to gain access to other accounts that you hold. So be sensible and stop any damage from spreading.
For important accounts, change your password frequently, at least once every couple of months. Do not leave your passwords lying around or logged in your ‘phone in unencrypted form.
Credit card details
Where possible, don’t allow online retailers to store your credit card details. In some cases, for example recurring billing, this may not be possible but always explore alternative options first. Watch out because some online stores will store your card details by default and you have to actively select the option to prevent this.
Email accounts
Whilst email hacks are very rare, there are sensible precautions that you can take to avoid being compromised. One concern involves web-mail and storage of your files completely on-line, effectively outside of your control and reliant on the security protocols of a third party. At Dental Media we encrypt mail to and from our servers and don’t store mail at that level. Our servers are also PCI-DSS compliant, penetration tested and scanned for malware daily. This type of system, whilst putting the onus on the end-user to maintain security of their own network where the email is delivered and stored, is much more secure than reliance on web-mail.
A word about GMail – this is Google’s mail system, which is one of the most popular web-mail systems available. If you do use this system, enable 2nd-level authentication, which sends a unique log-in text to you each time you wish to access. Whilst slightly inconvenient, this is more secure than a single-level password.
Dentists should be aware of the recent GDC standards update which calls for encryption of sensitive patient information. If you are using unencrypted email or storing mail of this nature on a web service, you should risk-assess and review your procedures. Please call us on 01332 672548 for advice.
E-mail phishing attacks – this is where a hacker sends an email purporting to be from someone else; particularly popular at the moment are Government institutions e.g. the HMRC.
Attached to these emails, which often look quite authentic to the average user, is a trojan just waiting to infect your PC and grab your login details. Quite often the attachment is a zip file which stands a better chance of breaching your virus checker. Be vigilant and don’t open these emails.
Summary
The recent hack of Adobe’s systems illustrates that you can’t rely 100% on the security of any third party provider, even very large organisations. Whilst hacking events are rare, it’s worth taking a step back and thinking through what could happen if any of your data was compromised. Simple tips like those above can limit any damage from potentially catastrophic to something quickly manageable.
Adobe, everyone is watching to see how you respond.