The importance of password security for a business is often overlooked. Here we explore why it’s important and how you can best protect your business assets and data.
“Sorry. You’ve used this password in the last 6 months, please try again.”
Almost 20 years ago, the US National Institute of Standards and Technology's guidelines for password security were written, with suggestions that passwords should be made up of a range of different characters and changed every three months. Despite this, people still continue to choose terrible passwords (the top password used, according to Wikipedia, is 123456). So now, frustratingly, we are forced to select more and more complicated passwords with every account we create.
We used to think hackers had nothing to access other than family photos and messages to friends. However, our lives are now almost entirely stored on our devices and connected to a number of digital accounts. The quality and protection of passwords are imperative.
How do hackers gain access to accounts?
Brute Force – Simple scripts can be run that will cycle through huge combinations of letters, numbers and words until they crack an account’s password. Something as weak as 123456 can take less than a second.
Social Engineering – By trawling social media accounts and business websites, it’s possible to uncover significant details that a hacker can then use to directly contact an individual and justify asking for their password. This is often under the guise of attempting to release stalled emails or updating security preferences.
Keyloggers – This tool can be stealthily installed on a computer to log every keystroke you type, such as your password when you log into an account, and then share those details with a hacker.
Why would a hacker want MY accounts?
Access to financial information – With all of our accounts tied together and stored in our devices, it can be simple for hackers to gain access and purchase items on our tab.
Access to business websites – Searching for holes in your website security, as well as password hacking, can be appealing to hackers who wish to piggyback off the digital continuity or reputation of your site. This can mean creating fake landing pages within genuine sites to avoid spam filters in broader hacking attempts.
Access to your business assets – Password hacking can be used to gain control of the digital files and records of a business, which are then encrypted to prevent your access, with ransom requests for their release. Unfortunately, the hackers don’t always have the means of decrypting these files, which can have a devastating impact on a business.
How can I better protect my passwords?
Follow the basics – We know you hate to hear it, but all those recommendations to use an automatically generated password that ticks all the complexity boxes? They’re on the money. Try not to use the same passwords for multiple accounts and consider resetting your passwords frequently – think of it as a spring clean of your accounts.
Deploy 2-factor authentication – Choose to add a secondary email or phone number to your account logins so that any hacking attempt is blocked before the attacker actually gains access. This is usually a simple code that’s texted to you to enter online as you complete your login.
Simplify things with a password manager – There are a number of great tools, such as LastPass, which has bank-grade encryption (256-bit AES) and TLS certification to protect your data. Even LastPass themselves can’t access, view or share the data you have saved in their vault. Business accounts can even be created to manage access to key logins by your team without sharing passwords directly.
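The brute-force and generated-password points above, as an added example that is not part of the original article: a Python sketch that generates a password covering every character class from the operating system's random source and estimates how long an exhaustive search of that space would take. The guess rate, the symbol set and the function names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Character classes a generated password must cover (symbol set is an assumption).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*()-_=+")
ALPHABET = "".join(CLASSES)

# Assumption for illustration only: attacker's offline guessing speed.
ASSUMED_GUESSES_PER_SECOND = 1e10


def generate_password(length=16):
    """Return a random password with at least one character from each class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def alphabet_size(password):
    """Size of the smallest character pool that covers the password."""
    size = sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))
    # Characters outside the known classes are counted individually.
    return size + len({ch for ch in password if ch not in ALPHABET})


def search_space_bits(password):
    """Upper bound on exhaustive-search effort: length * log2(pool size)."""
    return len(password) * math.log2(alphabet_size(password))


def seconds_to_exhaust(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Time to try every string of this length over this pool at the given rate."""
    return alphabet_size(password) ** len(password) / rate


if __name__ == "__main__":
    for pw in ("123456", generate_password()):
        print(f"{len(pw)} chars, {search_space_bits(pw):.1f} bits, "
              f"{seconds_to_exhaust(pw):.3g} s to exhaust")
```

The figures are upper bounds for blind guessing only. A password that appears on a common-password list is tried first and falls far sooner than the estimate suggests.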
Password security is just one small piece of your broader IT Security conversation. To learn more about how to protect yourself and your business, the team at Xenex are able to run a simple security audit to highlight any areas of concern and make recommendations to remediate. Contact us today for a chat.