Hacked off: Protect your email from a breach

Because online security breaches seem 10 a penny, consumers must take simple steps to protect themselves, says Rik Ferguson
Written by Rik Ferguson, Contributor

High-profile breaches involving consumer data are becoming the norm. Rik Ferguson asks what individuals can do to protect against possible attacks.

Late in March, thousands of consumers had their email addresses stolen by cybercriminals who hacked into TripAdvisor and Play.com. Many of these consumers are now reporting an influx of spam and phishing attacks, leaving them concerned about the safety of their information online.

Hacking attacks are becoming more commonplace in the news today. Although varying in severity, there is one constant: people are left wondering why their information was open to such breaches, what is really being done to protect their information, and what should they be comfortable with sharing online?

In reality, hacks will always take place. As businesses improve their security, a hacker will always try to find a way round it. But it would certainly be advisable for companies to communicate such breaches in a more effective manner.

While no credit card details were stolen in either of these cases, it's important to get reassurance from the victimised companies to ensure people still part with their email addresses or other personal information, so practical advice is vital.

Vague and unhelpful post-breach advice

The emails both TripAdvisor and Play.com issued to announce their breaches were not only vague, but also provided little advice on what a customer should do beyond "ignore spam emails".

I would never advocate a boycott of people giving out their email addresses. It's unrealistic: many websites and businesses, quite legitimately, request an address before you can access their content.

With two high-profile hacks taking place in the space of a week, naturally consumer confidence is beginning to erode. But I would never advocate a boycott of people giving out their email addresses. It's unrealistic to advise against providing email account details because so many websites and businesses, quite legitimately, request an address before you can access their content.

With that in mind, it is important that we stay ahead of the game and mitigate the possibility of much more than our email address being stolen. I would urge people to use different email addresses for different websites. For example, Yahoo allows you to create a certain number of disposable email addresses under one account so they can be used for various online activities.

You could have an email address for Amazon and another for eBay. That way, if one of those websites were breached, you would know which one and can simply delete the compromised email address. Another option, if you have your own domain — I know, this isn't for everyone — is to set up named email addresses for example, play@yourdomainname.com.

Avoiding interlinked emails and passwords

The more active you are in ensuring your emails and passwords aren't all interlinked, the more likely you are able to stop an online hack becoming much more than the pilfering of your email address.

With specific reference to the most recent hacks, I would like to see further details from the companies in question on what exactly was breached and what is being done to ensure the same thing won't recur. It is important for them and their customers to be certain measures are being put in place.

If recognisable targets such as TripAdvisor and Play.com are more forthcoming with their advice and information on security breaches, and consumers become more proactive with how they manage their email accounts, the threat of serious attacks should be diminished.

There is always the chance that someone can get hold of your information without your knowing. But as long as you take control and make sure you are as secure as you can be, and websites are ensuring they have the correct measures in place, there is certainly less to worry about.

Rik Ferguson is director of security research and communications, EMEA, at Trend Micro. He has over 15 years' experience in the IT industry with companies such as EDS, McAfee and Xerox.

Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.
Editorial standards