Chester Wisniewski has 488 different passwords to protect his information when he’s on the web, but that still wasn’t enough.

The computer security expert was among 100 million users of the Sony PlayStation site whose personal information, including birth dates, was caught in a massive data breach when hackers struck in April.

“I cancelled the credit card that was linked to the account,” said Wisniewski, a senior security adviser at Sophos Canada in Vancouver. “I went through every website to make sure I didn’t use the same password elsewhere.”

If the same password had been used, criminals could have gained access to other information including banking details.

“Unfortunately, once you have stolen someone’s Facebook or email account, it kind of unlocks everything in their life. If you have their Facebook, you know if they’re on vacation, who their friends are,” Wisniewski said. “It’s easy to commit identity theft.”

While some firms immediately disclose security breaches, some businesses, especially small- and medium-sized ones, may not even know about a problem until months later when money goes missing or there’s a sudden flurry of identity theft cases.

Yet it seems every day there’s a new case. They range from the so-called hacktivists like Lulz Security members, who claimed to hack into Sony, to the CIA, to the phone hacking scandal in Britain that brought down the British tabloid News of the World.

On Monday, a new group of hackers called Anonymous claimed to break into the database of U.S. contractor Booz Allen Hamilton, seizing passwords belonging to 90,000 military emails. The Associated Press found only 67,000 unique addresses that included defence contractors such as Lockheed Martin.

The politicization of hacking is raising awareness for consumers and businesses, said Wisniewski.

“This hacking stuff is really serious — it causes a lot of damage to both businesses and consumers. It’s good it’s getting attention because maybe organizations will start treating our information a little more carefully,” he said.

Warnings of possible breaches are becoming commonplace. Pranksters posted a fake story on the Conservative Party of Canada website about Prime Minister Stephen Harper choking on a hash brown.

Last week, hackers took control of a Twitter account for FoxNews.com, reporting that U.S. President Barack Obama had been fatally shot.

A 2010 joint study on Canadian IT security practices by the University of Toronto’s Rotman School of Management and Telus surveyed 523 organizations on their individual practices.

The report found that in 2009 security breaches were up 29 per cent, year over year, with the brunt of the increase from government entities. That can be attributed, in part, to “a late but focused investment into detective and reporting capability,” resulting in an increase in visible breaches.

The report pointed to the growing trend toward targeted and sophisticated attacks, often designed for monetization, through “theft of corporate secrets or through the acquisition and abuse of identities and credentials.”

The survey asked respondents to estimate total dollar value of losses from breaches in the previous year, with one-quarter saying they didn’t know. About 40 per cent put the loss at less than $100,000, but 1 per cent said losses exceeded $3 million.

Avner Levin, director of the Privacy and Cyber Crime Institute at Ryerson’s Ted Rogers School of Management, believes there are two types of hackers — criminals and those doing it for the thrill. Levin argues that while individuals should be more careful in protecting passwords, such as not using obvious ones like 1111, large companies bear more responsibility.

“They have a lot more resources than we do,” he said. “The weakest link is often not the end user, who is very careful keying a PIN. It is not necessarily us.

“The hackers know it’s worth it for them to find one corporation that’s weak, because then they can get millions and millions of accounts,” Levin said. “Even if only 1 per cent translates into credit cards they can use, it’s still an enormous number. Then they move on to the next thing.”

He believes hacking isn’t going away — with hackers finding new ways to circumvent security measures. “You have a process here that mimics biology and evolution, and it’s happening in the field of cyber crime,” he said, comparing it to bacteria becoming resistant to antibiotics.

Sony spokeswoman Ashley Purdy declined to comment on the uproar over the breach, but said the company is planning to launch a free identity protection program for all Canadian PlayStation Network users, possibly as early as next week.


Computer security experts say the lack of protection on smart phones is also an issue, noting that most people don’t bother to set a password.

Wisniewski said his company, Sophos, which specializes in corporate security, estimates that 10,000 phones are lost every day at U.S. airports alone.

“Security is a pain in the butt. Most people avoid it because it’s inconvenient,” he said. “You could have four padlocks and a deadbolt on your door, but who wants to do that every time we leave the house? We go with what’s convenient.”

While many of these lost phones are used by random thieves who erase and sell the devices, lots of personal information is available in passwords in web browsers, he warned.

His solution? He has a 16-character password on his BlackBerry, but he concedes he is extraordinarily cautious. Wisniewski believes it’s okay to write down a password and keep it in a drawer or a wallet until it’s ingrained in the memory.

Protecting yourself from hackers

Computer attacks, data breaches and cases of identity theft are a by-product of the information age. Here’s how to protect yourself:

• The basics: A strong password is at least seven characters long, has a combination of letters, numbers and symbols, and the same password shouldn’t be used for all of your online activities.

• Words and acronyms work: If you don't want to use a combination of letters, numbers and symbols, at least keep in mind single word passwords are easier to break than multiple word passwords. Instead of "monkey," use something like "orangemonkey" or "bigmonkeyface."

• Managing multiple passwords: Come up with a system to better remember each of them, such as adding a relevant letter to the front, middle or end of the password — "b" for banking, "s" for shopping, "f" for Facebook or "d" for an online dating site.

• Change it up: Every so often, change passwords. The longer you keep the same password, the greater the chance someone could guess it, share it and use the information against you. Don’t share your password.

• A step ahead: Google offers a two-step authentication process, which serves as an extra security measure to protect your online accounts from being compromised. Many other companies are using two-step authentication, as well.

• Heed the call: When you set up a landline or mobile phone voicemail, depending on your provider/carrier, your voicemail password by default might be the last 4 digits of your phone number (9492) or the month and year of your birthdate (e.g. 0471 for April of 1971). Don’t keep these default voicemail passwords — they are only meant to help you log in once and change it to something else.

• Public Enemy No. 1: If you're using a public computer, such as a shared PC at a library, cybercafé or airport lounge, be sure not to do private things better done at home (such as online banking). Use the mouse with the on-screen keyboard offered by Windows if you must enter a password.
