Picture this. You are set to deliver one of the biggest speeches of your career, outlining implementations and taxations you have meticulously worked on with a team for weeks, if not months, that will impact millions of people.
You are ready to stand up and speak. But just minutes before you’re set to present that information, you find out that all your points have been published online by someone else. Disaster!
Of course, as you no doubt saw on 26 November, this was the exact reality that faced Rachel Reeves shortly before presenting her 2025 Autumn Budget.
In the age of digital accuracy, it feels like something that just shouldn’t happen. But the recent Budget embarrassment shows that people can make mistakes, including at the top levels of government.
It was confirmed in the aftermath that the Budget leak was not the result of a hack nor a government mishap, but rather an error made by the independent Office for Budget Responsibility (OBR). The OBR chairman, Richard Hughes, has now resigned from his post as a result of the matter.
This instance of human error and carelessness put me in mind of a few pointers around best practices for any online account you use – simply, you can never be too careful online!
Here are 10 ways to make sure your accounts are as secure as possible.
1. Don’t assume anything online is hidden
Even if you have a document set so that only people who know the link can access it, never assume that means it is hidden from all eyes. If possible, set your online documents to “private”, “restricted”, or “only me”, depending on the platform you use. That simple step ensures sturdier privacy.
2. Double-check permissions before sharing anything
In a similar vein, it’s also important to carefully consider who you are sharing certain files and documents with.
Want to make sure that only the people you want to see a particular file are the ones who can? Ask yourself a couple of questions before hitting that share button:
- Who can see this?
- Can they edit it?
- Can they forward it?
These basic questions can prevent you from accidentally making something confidential publicly accessible.
3. Use strong, unique passwords for every account
It only takes one weak password to compromise everything. The best rule of thumb when using multiple accounts is one account = one unique password.
There are many great password managers out there, such as LastPass, which are specifically for helping you keep on top of your multiple passwords. They can also create strong, unique passwords for you.
4. Turn on 2-factor authentication everywhere
By far the biggest security boost you can give to any account is 2-factor authentication (2FA).
This means that, in the worst-case scenario of someone gaining a password, they still need to get through a second layer of authentication.
2FA actually saved me from this very outcome. My Facebook account ran on an old password, and I had not touched it in a number of years. I then received an out-of-the-blue alert letting me know that someone had tried to gain access.
It turned out I had repeated my Facebook password from another account that was involved in a data breach. Luckily, I had switched on 2FA, so I received a text telling me that someone had tried to access my account. After that, I changed all my passwords.
This was a few years ago now, but I still make sure to turn on 2FA on every account I have.
Even better than a phone number for 2FA is an authenticator app, which generates a new, unique code for use every 30 seconds when logging into accounts.
5. Make your file names and links unguessable
Avoid giving important files simple names. If uploaded somewhere, bots and other malicious individuals will always try simple and easily guessed words and phrases, such as:
- Index
- Budget
- Budget-2025
- Invoice.
Always make sure to give a unique and purposeful name to all your documents.
6. Don’t upload anything sensitive until it’s ready
The file containing the Budget details went online too soon. Following on from this, other errors meant it was fully visible to the public. Once the genie was out of the bottle, it was effectively impossible to put it back in.
Avoid uploading anything to the web until you are 100% sure you are ready to do so.
7. Keep your devices updated
An out-of-date device connected to the internet is a hacker’s Christmas present. The security will be outdated and will allow them easy access.
If you have a device that is connected, always ensure it is up to date with the latest software upgrades.
8. Be careful where you store work and personal data
Mixing accounts is one of the easiest ways to leak the wrong thing to the wrong people.
- Don’t keep work files in your personal Google Drive.
- Don’t save personal photos to your company laptop.
- Keep shared family accounts tidy.
9. Slow down when sharing or uploading
Most mistakes happen online when someone is rushing around, the Budget leak included.
Take the time to check, double-check, and triple-check where your files are going and what permissions they have.
Had someone at the OBR done so, they might have saved themselves and the government a whole load of embarrassment.
10. Review your accounts every few months
As well as putting best practice steps like these into place, it’s also valuable to periodically review your accounts.
Think of this as sorting through your drawers in your office. Things to check:
- Old apps connected to your accounts.
- Unused logins.
- Devices you don’t recognise.
- Out-of-date recovery email addresses or phone numbers.
Get in touch
If you’d like help with your online presence from a team of digital experts, get in touch with us today.
Email hi@theyardstickagency.co.uk or call 0115 8965 300 to find out more.
