Advice issued after hack sees Chief Minister send “strange messages"

Wednesday 21 September 2022

The island’s leading cybersecurity authority has issued social media advice after the Chief Minister’s Facebook account was hacked.

Deputy Kristina Moore apologised yesterday evening to islanders who received “strange messages” from her account.

"It appears I have been hacked... trying to contact Facebook to resolve," she added.

Matt Palmer, Director of the Cybersecurity Centre for Jersey (CERTJE), has since urged islanders to take the opportunity to secure their social profiles.

"Whilst a social media hack may not sound too scary, many of us have large parts of our lives on these services. This can be permanently lost, and in addition the compromised account can be used for identify theft and financial fraud, as well as to attack your friends and family," he said.

While hacks unfortunately happen "all the time", it is "easy to reduce your risk and keep your accounts safe."

The "single most important step", according to Mr Palmer, is using what's known as 'multi-factor authentication' or 'two-step verification'.

"This simply means having an app on your phone or a text message that gives you a number to enter alongside the password. This secure authentication is supported by all public email providers and major social media sites – there is no reason not to use it," he explained.

"Using multi-factor authentication on email and social media accounts is like wearing a seatbelt in the car – everyone should do it."

Pictured: Matt Palmer, Director of CERTJE.

Strong passwords are, of course, "still important" too.

"Passwords should be unique and difficult to guess," Mr Palmer advised.

"If you have lots of passwords, use a password manager such as lastpass which can remember your passwords for you, then secure that with two-factor authentication."

TIPS...

Here are 10 top tips from CERTJE for keeping safe online...

1. Secure password policy – Using strong passwords with three unfamiliar words is a free and effective measure to help prevent unauthorised people from accessing your private information. Don't forget to create a separate password for your email account. Hackers can use the 'forgot your password' feature to reset other passwords if your email account gets compromised. If you're shopping, don't reuse passwords across multiple websites. This will limit hackers' access if any individual account is breached.
    
2. Multi-factor authentication (MFA) – Implementing an extra level of security is indispensable for accounts such as banking and email. This tip will protect you if your password is obtained by hackers. Some institutions automatically use MFA – also known as two-factor authentication (2FA). Others don't. It's well worth the time to check and manually turn on the facility at every opportunity.
    
3. Update your computer, phone and apps – Software is easier to hack if it is are outdated. Companies release updates that fix these weaknesses. Regularly updating your devices and software, and making good use of automatic updates and reminders, improves your defence and helps to keep you safe online.
    
4. Keep your smartphones and tablets safe – Activating all possible security measures is essential for devices used outside the home or office. Switch on PIN and password protection. Use fingerprint or face recognition if it is available. Check that device tracking, remote wiping and remote locking are turned on in settings.
    
5. Back up your data – Creating a copy of your information and saving it to cloud storage or another device reinforces your security. This will enable quick recovery and minor damage if your data is lost or stolen. Test it first and utilise automatic back-ups to reduce the risk of forgetfulness.
    
6. Shop with a credit card rather than a debit card – Credit cards have built-in fraud protections to protect you against the risk of owing money to credit card companies. The claims process for debit card fraud is long-winded. Designating an online shopping credit card will reduce the potential impact of fraud and allow you to cancel the card easily if you need to.
    
7. Be careful where you click – Special offers, flashing pop-ups and deals within a limited time can be overwhelming. It's often difficult to separate the legitimate from the malicious, but good practice is to visit the main website directly. Don't click links and attachments.
    
8. Verify website security – A safe website should display a lock and/or "https" in your browser's address bar. This will enable you to enter your personal information but only input the minimum required. Reputable shopping vendors will email a sales receipt after purchase, which should be kept alongside other paperwork.
    
9. Secure your web browsers – Using an up to date web browser and avoid add-ins you don't need. Use a keysafe such as lastpass or those built into browsers and phones rather than reusing your passwords. Avoid creating accounts you don't need, and turn off advertising tracking in your phone and browser settings.
    
10. Erase your old data – If you get a new mobile device or computer, this often means you will be getting rid of an old version. Ensure you erase all your personal data and log out from all services and apps. Once you have done that, reset the device per the manufacturer's instructions before you recycle it through a service that guarantees a data wipe.