by Michael Champion, Berkeley Research Group email@example.com
I’d like you to ask yourself a few questions. How many times a day do you access a website? Now, for how many of those do you have to enter a password? For how many other websites does that user name and password work? And of those, how many times did you check that the website was secure?
As of last week, there are 4.8 million parents asking themselves these questions— or at least they should be. A report from Motherboard broke news about a breach in VTech that exposed what was later revealed to be 6.3 million records of children. Photos of the children and parents, dates of birth for children, addresses, passwords, genders, security questions and answers are only the start; the list keeps going. The harm could have been extensive and the potential for long-term damage is great. Being cautiously optimistic, the individual who was able to (easily) read the information stated he would not release it—but who else may have this dataset?
One of the many horrible aspects of the VTech breach was the fact that the company did not use any means of secure communication. None. Parents sent their and their children’s personal details on non-secured websites to a service that had inadequate security. So while we cannot control the security of VTech once provided the information, users could’ve stopped the issue in the beginning by identifying the website as not secure.
While companies have a responsibility to maintain the privacy of the information they collect, it is also up to us to take every step we can to protect our own data. Check certificates and research sites before giving information. Only provide information to secure sites, and whenever possible use a secure site.
Here is how to identify a secure website in: Chrome, Firefox, Internet Explorer, and Safari.
When you see a green lock by the website address, you can click on this and receive information about the certificate.
Like in Chrome, you can click on the green lock and have the information about the connection shown.
Internet Explorer: The lock will appear in grey. Clicking on this lock will provide information about the certificate for the site.
Safari: Like Internet Explorer, the lock will appear to be grey and within the address bar. Clicking on this will display the website’s certificate.
BRG experts are leading advisors on cybersecurity to banks and other financial services organisations. If you would like to receive more information about BRG and our services see the following links:
- Cyber-security services
- Cyber-security services for Financial Services firms
- Participate in our Cyber Preparedness Benchmarking Survey
- Cyber-security Webinar – Trends in Financial Services
- White Paper: The Cultural Firewall
- Sign up to receive our cyber mailings
- BRG International Financial Services Blog.