When it comes to unusual cyber security cheerleaders, The Office US’s Dwight Schrute tops the list. In one of the show’s most meme-worthy moments (which is saying something, as a quick Google search reveals an extensive list) Dwight loudly proclaims, during a heated exchange, that
Identity theft is not a joke, Jim! And we at F‑Secure couldn’t agree more.
Unfortunately, identity theft is a problem that’s only getting worse, with Federal Trade Commission data revealing that identity fraud (which is when ID theft results in a crime) increased from 270,000 to 1.4 million cases between 2012 and 2022 in the U.S.
And the results of digital identity theft are no laughing matter, as they can manifest themselves in many negative ways, depending on the severity of each case. These can include:
In F‑Secure’s recent
Living Secure report, which surveyed the views of 7,000 respondents around the world, 57% of people said that they would rather have their car stolen than their identity. Which shows that most people understand the associated threats that accompany identity theft.
However, despite the growing awareness around identity theft, the
Living Secure report also found that 58% of people said that photos were the most important data stored on their device — with only 40% considering their passwords as the most vital thing to protect; this is a concerning statistic, given that most cases of identity theft begin with a data breach.
And, according to previous F‑Secure research, 60% of people had suffered a data breach during a 12-month period, with half of them continuing to use exposed passwords on other accounts — even after they’d received a warning that their accounts were no longer secure.
These results indicate that, whilst being aware of the threats of identity theft, people are still unsure of the steps they need to take to adequately protect themselves. Thankfully, though, there are some simple steps you can take to ensure that your sensitive data is secure online.
Despite stolen credentials being the main way that cyber criminals gain unauthorized access to accounts, brute force attacks — where trial and error is used to try and crack a password — still account for around one-in-10 data breaches, according to Verizon’s annual Data Breach Investigations Report (DBIR). And with brute force attacks often reserved for targeted data breaches on high-value targets, where the potential damage is much greater, it’s important to make all passwords as strong as possible.
There are various techniques for creating a strong password, such as picking five completely random words — but that’s a lot more difficult than you might think. So, instead, you can use a free tool like F‑Secure’s strong password generator.
You can have the strongest password in the world, but if the site you’ve trusted with your details is compromised, that password (along with those of every other registered user) can end up in the hands of cyber criminals. In fact, Verizon’s annual DBIR claims that 86% of data breaches happen because of stolen credentials.
Therefore, to minimize your risk of a data breach, you should ensure that your password is not just strong, but unique for every account, using a tool like F‑Secure’s strong password generator to create them.
Two-factor authentication (also known as 2FA) works by adding an extra layer of security to online accounts, which goes beyond your username and password, requiring an extra login credential (such as a one-time passcode, sent to your phone via SMS).
So even if someone acquires your username and password, with 2FA enabled, they still need to get through a second layer of security. And with two-factor authentication enabled 99.9% of automated attacks are prevented (according to 2019 research from Microsoft).
Phishing scams are a prominent form of social engineering, designed to trick you into sharing private information, or to convince you to click on links or attachments that subsequently lead to malware or fraudulent sites.
These scams often come in the form of text and a URL, which means attacks can target anywhere you might receive digital communication, such as email, social media messages or SMS. To avoid such threats, ensure that you use a security product with browsing protection and virus scanning.
If you want to go a step further than generating strong and unique passwords, you can use a tool called a password manager, which will also enable you to easily store and access your login credentials.
The beauty of a password manager is that you only need to remember one
master password, and your password manager does all the hard work for you. F‑Secure’s highly-rated ID Protection enables you to generate and manage strong passwords for every online account that you have, with all the data encrypted using TLS/SSL.
Following a data breach, compromised user credentials often circulate on the dark web. Monitoring these data breaches is a useful way to determine if you’ve been a victim of identity theft. And you can use a manual tool such as the F‑Secure identity theft checker to check.
Whilst free tools are good starting point, a more proactive approach is to consider automated 24/7 identity monitoring, such as that available in F‑Secure Total, which continually scans for breaches and notifies you of any that include your details. And if you receive a notification that your details have been exposed in a data breach, it’s vital that you update your details for that account, as well as anywhere you might have used the same login details.
Public Wi‑Fi can be incredibly convenient, but it comes with a number of risks, as cyber criminals often use hotspots (and their vulnerabilities) as a way to harvest confidential information from unsuspecting users.
This can be done via an
evil twin hotspot, where scammers set up a fake access point to mimic your current location (with a name like
AIRPORT WIFI, for example), or via a method known as a man-in-the-middle attack. This is where a hacker exploits the poor security of a legitimate hotspot, uses a technique such as ARP spoofing, and then collects data being shared over the network. In both cases, the websites that you visit, and all unencrypted information that you share can been seen and retrieved via a third-party.
To avoid data breaches whilst on public Wi‑Fi you should avoid sensitive activities such as banking and ecommerce. Also, make sure you set your device to forget previously used Wi‑Fi networks. And — most important of all — use a VPN, which will encrypt your connection end-to-end between your device and the VPN server so your traffic can’t be spied upon.
Discover whether your details have appeared in a data breach using the F‑Secure Identity Theft Checker, which scans and monitors forums on the deep and dark web. It’s completely free and anonymous, with no data being stored.
Discover if your data has been breached.