Living in the digital age means that our personal information is more vulnerable than ever. According to a recent analysis, 86% of people use passwords that have already been cracked.
This also has a significant impact on business. A recent report shows that 54% of firms had their network or data compromised in 2018. So, if your firm hasn’t been involved in an attack, then it’s likely to be your turn soon. Recovering from a cyber-attack can be incredibly costly, with the average cost estimated at $5 million. Most harrowing of all, 60% of small businesses that experience a major cybercrime incident go out of business shortly after.
Prevention is always better than a cure. So here are 6 key ways that you can protect yourself from cyber-crime.
1. Create a secure password!
This is a case where size really does matter. Password length is the biggest factor impacting password strength. We recommend a minimum of 18 characters, but more is better.
Despite popular opinion (and many websites forcing you into it), the use of special characters, numbers and different cases does little to increase the strength of a password. The best way to create a secure (and memorable) password is to use a familiar phrase that you can turn into a secure password. For example:
“The quick brown fox jumps over the lazy dog”
Turn this into a password such as “Tqbfjotld” and you have a more secure password that should be relatively easy to remember. Adding extra numbers or characters may also help; the longer the better!
2. Set up multi-factor authentication
Most services allow the use of multi-factor authentication in some form, and it is now considered more important than a strong password. A factor is usually one of:
- Something you know (such as a password)
- Something you have (such as a one-time token generator like Google Authenticator or setting up SMS tokens)
- Something you are (such as a fingerprint, facial recognition or other biometric method)
You should have at least two of these factors for every account that you own. Have you heard in the news recently about people having their mobile phone number ported to a new provider and their bank accounts cleared out? This is not just a problem in business; it could impact anyone.
3. Check whether your password is already in the hands of hackers
If you use the internet at all then there’s a high chance your username or password information has been compromised. Many major websites have undergone security breaches over recent years including the likes of LinkedIn, Dropbox, Instagram, Snapchat, and Adobe.
When websites are hacked into, cyber criminals collect the usernames and the passwords of members and add these to their database. According to some sources, this list contains 773 million unique email addresses and 21 million unique passwords. Cyber criminals may exploit these stolen credentials themselves or sell them for big money on the dark web. Either way, it’s not a pretty picture.
So what can you do? Security expert Troy Hunt has created a free online service which lets you type in your email address or password(s) and learn whether data has been breached (exposed to people that should not be able to view it). The website is called have i been pwned? and we highly recommend you pay it a visit.
One of the staff at Qamba did this test themselves and one of the passwords they had been using had been breached a whopping 48 times. We advised them to change this password on any website where it was still in use and to stop using it going forward.
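The password check described above can be done without the password ever leaving your machine. The following added example (not part of the original article) follows the k-anonymity range model of the Pwned Passwords API: the client sends only the first five hex characters of the password's SHA-1 hash and matches the remaining suffix locally. The server side here is simulated with a constructed corpus, and all function names and counts are assumptions of this example.

```python
import hashlib
from typing import Callable

# Constructed stand-in for the breach corpus: password -> times seen in breaches.
CONSTRUCTED_CORPUS = {"password": 48, "letmein": 7}


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def simulated_range_response(prefix: str) -> str:
    """Simulated server: return 'SUFFIX:COUNT' for every hash under the prefix."""
    lines = []
    for password, count in CONSTRUCTED_CORPUS.items():
        digest = sha1_hex(password)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    # Padded responses carry filler entries with a count of 0.
    lines.append("0" * 35 + ":0")
    return "\r\n".join(lines)


def breach_count(password: str,
                 fetch: Callable[[str], str] = simulated_range_response) -> int:
    """Return how many times the password appears; 0 means not found."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    body = fetch(prefix)              # only these 5 characters are disclosed
    for line in body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)         # a padding entry yields 0 here
    return 0


if __name__ == "__main__":
    for candidate in ("password", "letmein", "a long phrase nobody has used"):
        print(candidate, "->", breach_count(candidate))
```

To query the live service, replace `fetch` with a function that performs an HTTPS GET of `https://api.pwnedpasswords.com/range/<prefix>` and returns the response body.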
4. Set up notifications for when your username or password becomes compromised
Troy Hunt’s cyber security website also allows you to enter your email address and be notified of any future breaches of your login information. We recommend doing this with all the email accounts you use at both work and home so that you can change your password as soon as a breach occurs, and prevent something more sinister from happening. If you want to cover all your business email accounts, we can assist in setting up a service that monitors your business domain (e.g. qamba.com.au).
5. Don’t allow your web browser to remember all your passwords
We know it saves time, but if you’re using Chrome and your Google account gets hacked, ALL your passwords are visible. To repair the situation, you will then have to reset your password on all the websites in question.
In the case of Firefox or Safari, passwords are saved in your browser settings under security, so if someone has access to the device, they can open all the passwords without a login. The key point to remember here is that hackers don’t require physical access to your device to get hold of this data. They can also access this information through remote access plugins, trojans or malware which you may inadvertently install on your computer whilst browsing the internet. If you want to save time remembering passwords, then encrypted password management systems (discussed below) are a much better way to go.
6. Set up a password management system
If you’re like many people, it’s become so difficult to remember all your passwords that you now have them all written down on a piece of paper which sits in the top drawer of your desk, or you have a Word file that sits on your computer. You’re aware of the shortcomings of this method but you don’t have time to deal with the problem.
This is where password management systems come into play. The good ones are set up with multiple layers of encryption so they can’t be hacked. In a future blog, we’ll discuss the pros and cons of some of the various password management systems on offer, so you can make an informed choice over which one to implement.
So whether you’re an individual concerned about protecting your identity online or a business owner concerned about the longevity of your company, these six steps are a good place to start. In future articles we will delve deeper into what you can do at a business level to prevent your business from becoming a victim of a cyber attack.