The recent hacking of a charity’s website serves as a stark reminder that, whether you’re a gigantic corporation or a charitable organisation, there’s no immunity from cyber-attacks.
In April this year, hypoparathyroidism charity HPTH UK was hacked and personal details of thousands of sufferers of the illness were made public on the website PasteBin, the popular platform for hackers to publicise hijacked material. This kind of breach, more often than not, prompts heavy fines from the Information Commissioner’s Office (ICO) in relation to the Data Protection Act and, for charitable organisations such as HPTH UK, this would likely have led to financial ruin.
Luckily, experts at Secarma – the cyber security arm of UKFast – noticed the content one Sunday afternoon and swiftly contacted the charity, offering free assistance to fix the security flaw.
The ICO decided that, thanks to the immediate resolution of the issue, they would forgo the rather hefty fine, up to £500,000 to be precise, and the charity were, thankfully, able to continue the great work that they do. It was a near miss and it demonstrates the indiscriminate nature of hackers, who often attack companies to test themselves or to prove their skills to a wider cyber-criminal community. For script kiddies, the motivation to carry out acts such as this can simply be boredom.
So, what basic measures should we all take when it comes to protecting ourselves or our companies online?
- Strong Passwords
We’re all warned about choosing a safe password, but what is the ideal? Experts at Secarma advise choosing a simple sentence or phrase of over eight characters (any fewer than this can be quickly cracked) such as “I want to stay safe”. Then, change the case of some of the letters and include some numbers. You can also add in a symbol or two for extra password strength if you like. Secarma experts also suggest adding an identifier for the website you’re signing into onto the end, such as FB for Facebook. This all adds up to a super safe password that can act like a metal padlock to your personal information online.
- Regular Pen Testing
Pen testing stands for penetration testing, and it’s basically just a way to check your website for any security breaches. Pen tests simulate a real-life attack scenario, without disrupting any of your business processes of course, and test the ability of your systems or environment to withstand hack attacks. A pen test gives you a clear idea of the ways in which hackers could break into your system and is an effective method to make sure that security flaws are fixed and preventative measures are put in place.
Even simple precautions can keep you from becoming easy pickings for hackers and cybercriminals, and they are essential for keeping personal data secure.