Unauthorised access

The term 'unauthorised access' describes the act of directly — or indirectly — accessing information online without authorisation.

This can be any kind of information found online, such as:

  • social media accounts
  • websites
  • bank accounts
  • emails
  • business networks and systems.

Unauthorised access is often done with the intention of getting data for personal gain, or causing loss to another person.

It’s when someone:

  • accesses systems or information after they're no longer permitted to
  • gets access to a system fraudulently, for example by guessing a password
  • gains access to a system by brute force — by using automated software to guess things like:
    • usernames
    • passwords
    • PINs, and
    • login details.
  • uses social engineering to get access to something they shouldn’t have. Social engineering is when an attacker:
    • gains someone’s trust and tricks them into giving them access or information they shouldn’t have
    • researches a person or company and gets enough information to be able to either guess their passwords or get them reset to something the attacker chooses.

How to prevent unauthorised access

Here’s what you can do to reduce the likelihood of anyone getting unauthorised access to your computer system or network.

  • Be aware of social engineering. Don’t give out any personal information unless you know exactly who’s asking for it and why they want it. If you’re not sure, ask.
  • Choose unique passwords for your online accounts — don’t use the same password for every account you have. Consider using a password manager like KeePass to manage them.
  • Turn on multifactor authentication for your online accounts.
  • Always update your operating system and your apps when new versions are available. You can set this up to happen automatically with Windows and a lot of other applications like Office.
  • Install antivirus and anti-ransomware software on your computer if you don’t already have it, and update it regularly.
  • Scan for viruses regularly and clean up any infections straight away.
  • Make sure that the answers to your account recovery questions aren’t easy to guess. Your answers don’t need to be factual, just something that you can remember.
  • Be cautious when connecting your computer to unsecured networks like free WiFi or internet cafés.

If you have your own business, there are a few extra things you can consider.

  • Limit your employees’ access to the systems and processes they need to do their job and no more. This is known as the principle of least privilege.
  • Only give remote access to people within the business who need it. Put some controls around who can and can’t have it.
  • Monitor your business network and systems for any unexpected login attempts.
  • Keep an inventory of the devices on your network and make sure they’re secure.
  • Don’t use generic passwords and logins — have a unique login for every user and update your passwords regularly. 
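
One way to monitor for unexpected login attempts is to look for the brute-force pattern described earlier: many failed logins from one source in a short time, especially when followed by a success. The script below is an added example, not part of the original guidance. The log format (timestamp, user, source, outcome), the five-minute window and the threshold of five failures are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: ISO timestamp, username, source address, outcome.
SAMPLE_LOG = """\
2024-05-01T08:58:00 alice 192.0.2.10 FAIL
2024-05-01T08:58:20 alice 192.0.2.10 OK
2024-05-01T09:00:01 admin 203.0.113.50 FAIL
2024-05-01T09:00:03 admin 203.0.113.50 FAIL
2024-05-01T09:00:05 root 203.0.113.50 FAIL
2024-05-01T09:00:07 bob 203.0.113.50 FAIL
2024-05-01T09:00:09 bob 203.0.113.50 FAIL
2024-05-01T09:00:12 bob 203.0.113.50 OK
"""

WINDOW = timedelta(minutes=5)  # assumed look-back window
THRESHOLD = 5                  # assumed failures per source within WINDOW


def parse(line):
    """Split one event line into (timestamp, user, source, outcome)."""
    ts, user, src, outcome = line.split()
    return datetime.fromisoformat(ts), user, src, outcome


def find_unexpected_logins(log_text, window=WINDOW, threshold=THRESHOLD):
    """Alert on sources that reach the failure threshold inside the window,
    and on any later successful login from a source already flagged."""
    failures = defaultdict(deque)  # source -> timestamps of recent failures
    flagged = set()                # sources that have already raised an alert
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, src, outcome = parse(line)
        recent = failures[src]
        # Drop failures that have aged out of the look-back window.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if outcome == "FAIL":
            recent.append(ts)
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("brute_force_suspected", src, user, ts.isoformat()))
        elif outcome == "OK" and src in flagged:
            # A success right after a guessing burst suggests a guessed password.
            alerts.append(("success_after_burst", src, user, ts.isoformat()))
    return alerts
```

A single mistyped password followed by a success, like the first two sample lines, raises no alert. A success from a flagged source is the case to act on first: change that account's password straight away.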

If someone’s had unauthorised access to your system or network

What to do if your system or network has been accessed without your authorisation.

  • Change the password for anything that was accessed without your permission.
  • Contact the service provider for your online accounts — like your bank or your email provider. Let them know what’s happened and ask what they can do to help.
  • Make sure you back up your files regularly. This includes the files on your computers, phones and any other devices you have. You can:
    • do an 'offline' or 'cold' backup. Back up the data to an external hard drive and then remove the hard drive from your device
    • do a cloud backup to Dropbox or a similar online hosting service.
