2022 is the year of cybercrime on steroids. According to the Identity Theft Resource Center (ITRC), data breach disclosures have already surged 14% in Q1 2022. Still, few people realize that data breach statistics do not include the millions of private accounts hacked every week.
According to figures provided by Microsoft engineers at the RSA 2020 event, an estimated 1.2m Microsoft accounts are compromised every month. Cybersecurity specialists agree that users could have prevented most incidents by using MFA and a VPN for PC.
What Happens When Your Microsoft Account Gets Compromised
Microsoft has developed a set of attractive features to encourage users to sign in with their Microsoft accounts on every Windows device. In a world where people already struggle with too many passwords, Microsoft has expanded its Windows Live ID concept to provide single sign-on access to many popular services.
Single sign-on gives you instant access to services like Windows Messenger, Hotmail, Xbox, Outlook.com, and OneDrive free cloud storage, plus online access to basic Microsoft Office apps.
To accomplish this, Microsoft stores your account info on the internet. Whatever you do on your Windows computer appears instantly across all your Windows devices via the internet. The solution is designed to sync your network profiles, passwords, privacy settings, mail, and documents.
Single sign-on is convenient but can be extremely dangerous
If your Microsoft account is compromised, you risk losing everything, as an estimated 1.2 million compromised Microsoft account holders realize every month. If someone hacks your account, or if you share your login info with someone else, that person gains access to all of your Microsoft services and all of your stored sensitive information. Data thieves can strip out every private photo, correspondence, medical history, or even your curriculum vitae to arm themselves with information for attempting identity theft.
Use Multi-Factor Authentication (MFA) for your Microsoft Account
The Microsoft engineers pointed out that 99.9% of the compromised accounts did not use multi-factor authentication, providing an easy lunch for an automated account attack. Tech companies have long been grappling with the problem of moving away from a password system, and multi-factor authentication is currently the best way to stop attacks.
Keep Windows up to date
Windows updates are notorious for being untimely, inconvenient, and sometimes quite large, and we’ve all been tempted to skip them. Don’t skip them or delay for long, because some of the updates may be hotfixes to protect users against newly discovered zero-day attacks and notable malware campaigns.
Use a good (paid) antivirus or security endpoint solution
If it’s free, you are paying for it with your data, which, in a certain light, makes your ‘free’ antivirus look a little like spyware. A good antivirus actively protects your privacy to reduce your vulnerability to phishing and other sneak attacks. If yours is an older machine and you worry about the impact on speed or performance, sign up for a free trial of one of the premium cybersecurity programs so you can evaluate the solution in real-world circumstances.
Use a good (paid) VPN
You should never use Microsoft’s single sign-on without the protection of a VPN. When you sign in to your Microsoft account, everything you do gets bounced around on the internet and can be intercepted easily using basic, cheap equipment and software. And, yep, you know it … if your VPN is free, you are paying for it with your data, so get an advanced VPN that will protect your privacy and prevent you from inadvertently becoming a statistic.
Consider using a local account
If you’ve ever been stuck in a coffee shop with bad WiFi, you’ll know how frustrating it can be not to have access to your files. When you use a local account, you don’t need internet access to get to work. Everything you need is right there on your computer, and you simply designate the files you wish to sync.
A local account works on that specific computer only, so your settings and activities do not get beamed to remote servers. It allows users some discretion to keep their private lives separate from work lives.
It’s very easy to switch between local and Microsoft account logins. Go to Start >> Settings >> Accounts >> Email and Account options >> Sign in with a local account instead. Just remember to make a backup of documents you don’t want to lose.
Consider using a local account on machines where you don’t need automatic access to all Microsoft services and just need to get your head down and do some work.
A Final Tip for Windows PC Safety
Whether you use a local account or Windows account, don’t ever sign on to free WiFi at the coffeehouse, hotel, or airport without a VPN for your PC or phone. Hackers pay people to roam around with ‘grabber software’ to steal passwords while victims sip coffee and fire off quick emails.