16 September 2022

Cyber Security: Best Practice

Online fraud and crime continue to rise rapidly, with 80% of businesses estimated to have come under attack at one time or another in the UK alone, and an estimated cost to the UK economy of £27 billion, according to UK government reports.

This is not something that can be ignored.

According to JM Finn’s Chief Information Security Officer (CISO), Jon Cosson, most cybercrime can be prevented by avoiding some elementary errors and taking some fairly basic precautionary steps.

Here, Jon highlights a few dos and don’ts surrounding passwords – the single most troublesome issue when it comes to hacking – as well as some actions to take should you find yourself in the unfortunate situation where an online account has been breached.


Weak passwords are arguably the main reason people get hacked. Passwords are stolen from websites every day, and whilst these are often encrypted, if a password is weak its encrypted form can be attacked and the clear-text password revealed.

Consider following these simple Dos and Don’ts to minimise your risk:

Do

  • Use strong passwords for all your online accounts
  • Use different passwords for different accounts
  • Use multi-factor authentication, such as the biometric login function available on most smartphones
  • Mix complexity with length: passwords should contain at least 12 characters and not use single dictionary names (or variants of those names)
  • Make passwords that are hard to guess but easy to remember
  • Use a password manager: the more complex a password is, the harder it is to remember, so consider using either a web-based or standalone manager to help
  • Change your password at least every 6 months
  • Regularly check your passwords using the ‘Have I Been Pwned’ website
  • Change the default password on your home broadband router/hub
  • Change the default login password on all your home devices that connect to the Internet, such as CCTV monitoring and video doorbells

Do Not 

  • Disclose your password to anyone under any circumstances 
  • Use the same password across multiple accounts 
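
The breach check and the length and reuse rules from the lists above can be automated. The following is an added example, not part of the original article: it assumes the "SUFFIX:COUNT" range format of Have I Been Pwned's Pwned Passwords service, where only the first five characters of the password's SHA-1 hash are sent and the match is done locally. The account names, passwords and response text are constructed, and nothing is sent over the network.

```python
import hashlib
from collections import Counter

MIN_LENGTH = 12  # the article's minimum password length


def split_hash(password):
    """SHA-1 the password; only the 5-character prefix is ever sent to the service."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, range_response):
    """Find our hash suffix among the 'SUFFIX:COUNT' lines returned for the prefix."""
    _, suffix = split_hash(password)
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def audit(accounts, responses):
    """accounts maps account name -> password; responses maps prefix -> response text."""
    reuse = Counter(accounts.values())
    report = {}
    for name, password in accounts.items():
        issues = []
        if len(password) < MIN_LENGTH:
            issues.append("too short")
        if reuse[password] > 1:
            issues.append("reused")
        prefix, _ = split_hash(password)
        if breach_count(password, responses.get(prefix, "")) > 0:
            issues.append("breached")
        report[name] = issues
    return report


# Constructed sample data: made-up accounts and a made-up range response.
ACCOUNTS = {
    "email": "password",
    "shopping": "password",
    "bank": "Tr4il-mix-Orbit-42!",
}
PREFIX, SUFFIX = split_hash("password")
RESPONSES = {PREFIX: "0" * 35 + ":1\r\n" + SUFFIX + ":1234\r\n"}  # count is invented

if __name__ == "__main__":
    for account, issues in audit(ACCOUNTS, RESPONSES).items():
        print(account, "->", ", ".join(issues) or "ok")
```
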

What to do if your account is hacked

Whether it's your email, social media or some other type of online account, there are numerous ways to alert you to the fact that someone else is accessing your account. Being locked out of the account is an obvious indication that something has gone wrong, but the signs can be more subtle. Things to look out for include logins or attempted logins from strange locations or at unusual times. Changes to your security settings and messages sent from your account that you don't recognise are clear indicators your account has been compromised. 

However you discover the problem, once you know your account has been hacked, this is what you should do: 

  1. Update your device: update the operating systems and apps on all the devices you use, which will install the latest security fixes.
  2. Contact your provider: if you can't access your account, go to the account provider homepage and find a link to their help or support pages which will detail the account recovery process.
  3. If your email account was hacked: once you've regained control, check your email filters and forwarding rules. It is a common trick for the person hacking an account to set up an email forwarding rule that sends a copy of all your received emails to them.
  4. Change passwords: once you have confirmed there are no unwanted email forwarding rules in place, change the passwords on all accounts which have the same password as the hacked account. Then change the passwords for all the other accounts that send password reminders/resets to the hacked account.
  5. Notify your contacts: get in touch with your account contacts, friends or followers to let them know that you have been hacked. This will help them to avoid being hacked themselves.
  6. If you can’t recover your account: you may choose to create a new one. Once you've done this, it's important to notify your contacts that you are using a new account. Make sure to update any bank, utility services or shopping websites with your new details.
  7. Contact Action Fraud: if you feel that you have been affected by an online crime you can report a cyber-incident to Action Fraud using their online fraud reporting tool.

For further information about how to protect yourself and your family from cyber crime, please see our cyber crime awareness guide, which can be downloaded at: www.jmfinn.com/cyber-crime-awareness.
