“The data involved in the Facebook and Google+ incidents, such as hometowns, birthdays, and other personal details, are often elements of weak passwords,” added Secretary of Administration Sharon Minnich, whose office oversees cybersecurity for Commonwealth agencies. “Additionally, the personal data could be used in phishing attacks to convince targets that the criminal is someone they know or trust.”
“We live in an age where technology is providing both enormous benefits and heightened risks for consumers and businesses,” said Secretary of Banking and Securities Robin Wiessmann, whose agency established a Cybersecurity Team in 2015. “Cybercriminals are taking advantage of people who are still choosing convenience over caution and using weak passwords, re-using them on multiple accounts and rarely changing them, thereby increasing their risk of identity theft.”
According to an industry report, 81 percent of hacking-related breaches that occurred in 2017 used either stolen and/or weak passwords.
The Commonwealth and other security experts recommend the following password practices:
- Do not use your name, date of birth, a pet’s name or other personal information in your password that may be available on social media and other sources.
- Do not use the same password for multiple accounts or devices.
- Change your passwords regularly and do not reuse old passwords.
- Never share your password with anyone and be wary of emails or phone calls that ask you to reveal it.
- Use combinations of letters, numbers and special characters in your passwords.
- Consider using passphrases. For example, select the first letter of each word in a sentence or phrase, then replace some of the letters with numbers or special characters to create something that is easy for you to remember, but impossible for others to guess. For example:
Start with, I went on vacation to Hawaii last year and it was wonderful!
Then, use first letter of each word: Iwovthlyaiww!
Finally, add uppercase letters, numbers and special characters: Iwov2Hly@iww! - Use stronger authentication methods when they are available. A one-time PIN code sent to your mobile device or being required to answer challenge questions provide an extra layer of security for your accounts.
If you believe one of your passwords may have been compromised, you should:
- Change the password immediately Ii you still have access to the potentially compromised account,
- Contact the company to make it aware of the issue.
- Monitor the account for any unauthorized or suspicious activity.
- Scan your computer or other devices with internet access for malware.
- Consider closing the account and opening a new one.
You can find more tips at www.pa.gov/guides/cybersecurity.
The Office of Administration oversees the commonwealth’s cybersecurity strategy, standards, and enterprise security posture. The office works with state agencies to prevent and defend against cyber attacks and continuously promote security awareness.
The Department of Banking and Securities also offers businesses online resources that can help businesses protect themselves and their customers from cyber thieves: www.dobs.pa.gov/Businesses/cybersecurity.