Lax password security could be dangerous for you and your business, says Clive Taylor.
Serious data breaches attract media attention as they can result in potentially devastating consequences for individuals and businesses.
A recent National Cyber Security Centre (NCSC) report reveals that:
- 70 per cent of respondents believe they will fall victim to a cybercrime within the next two years; and
- 37 per cent of respondents agree that losing money or personal details over the internet has become unavoidable.
Ironically, the same report reveals a serious disregard for password security, with many individuals setting weak or predictable combinations that make it easy for hackers.
Shock fact: The NCSC found that 23.2 million hacked accounts of victims worldwide used 123456 as the password, which is unlikely to take sophisticated hacking apps long to guess.
Although hacking is often depicted in movies as a single criminal sitting at a computer manually guessing passwords, hacking methods are much more sophisticated in practice.
The most common used by hackers remains brute-force attack, which, despite its name, can be technically effective for those looking to breach an already weak security system.
Brute-force attacks will often use a password dictionary, containing millions of words and numbers that can be tried in combinations to discover the correct password. This can take minutes, hours, days or even years – the programme has enough patience. So businesses and the individuals working in them should follow these five security steps.
Understand the threat
Take the time to understand the magnitude of the problem and the threats that exist.
If you have fallen victim to a hacking attack in the past, use the incident as a learning experience and begin making serious changes within your business, teaching your team to be more vigilant.
Ditch weak passwords
Avoid weak combinations, which make the hacking process easier for would-be criminals. These include:
- Sequential numbers or letters;
- Birthdays; and
- Especially the word ‘password’.
You may have trusted these in the past, but stop using them now.
Pick strong passwords
There are many different layers of protection that can be added to make passwords stronger, but a general rule of thumb is that all combinations should be at least 15 characters, using a mixture of upper-case and lower-case letters with numbers and symbols.
Pro tip: Use a word combination of random but memorable words that make it almost impossible for hackers to guess. An example of a word combo could be ‘FootballDogYellowRibbon’ – the more ridiculous the better.
Watch out for internal threats
Outside hacking attacks can be difficult to prevent, but internal attacks and phishing attempts can be stopped with the right staff training.
Some cybercriminals will try to trick, intimidate or pressure an individual into giving them what they want, using fake email addresses or websites to dupe people into granting access. Through training, businesses can reduce the risk of falling victim to a phishing attack.
Change your attitude
It may seem like a relatively small issue that can be fixed through a simple password change, but cybersecurity is an issue much bigger than making sure you lengthen a login combination.
NCSC research reveals a culture within workplaces of disregarding password security, and only once businesses kick old habits and become active in their security efforts can they truly be protected from incoming attacks.
Secure your business’ future
Although password protection isn’t a new concern in online security, individuals and businesses are not treating it seriously enough.
Cyberattacks are becoming more sophisticated, so it is important to update your password and other security measures regularly to ensure that you stay ahead of criminals.
If you’re unsure about the next steps, contact an experienced managed service provider and begin securing the future of your business.
Clive Taylor leads on cybersecurity for managed IT services specialist Quiss Technology
Image credit | iStock