If 15,000 bots launching a gargantuan multi-vector DDoS attack that peaked at almost 2 Tbps (terabits per second) against a Cloudflare customer doesn't get our collective minds focused on the subject of online security, then, well, maybe nothing will...
While a record-breaking attack of this kind might be somewhat rare, if nothing else it drives home the message that we can all be doing more to tighten up our online defences.
Indeed, it’s a disconcerting feeling to imagine that someone out there in the dark recesses of the internet has the potential to expose weaknesses or find ways around your company’s password systems.
What better time, then, to take a look at some of the ways in which you can reduce the chances of your business accounts getting hacked. Let’s make passwords work for you!
If your approach to keeping track of multiple passwords is a little, let’s say, traditional, then the idea of changing them all regularly might seem like a daunting task. Perhaps you save everything on a single document or notepad, and there’s simply not enough time in the day to manage that kind of upkeep.
Luckily for you, there’s a solution.
There are a multitude of password managers on the market, all designed to store, update and change the vast bank of passwords you have to keep tabs on. Some come bundled free with anti-virus software, but there are also some excellent subscription-based services that offer exactly what you need. Dashlane, 1Password and LastPass are some of the best known in the business and provide invaluable password management for companies juggling multiple accounts.
The beauty of this kind of software is that it remembers all your passwords behind a single master password, and usually ties in with breach-notification services to warn you if your credentials have turned up in a known hack. You also get a password generator that produces long, random, iron-clad passwords. Perfect!
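To show how the breach check behind that notification works without your password ever leaving the machine, here is an added example (the editor's, not code from this post or from any password manager) of a Have I Been Pwned "Pwned Passwords" range query in Python. The SHA-1 prefix protocol and the api.pwnedpasswords.com/range endpoint are the service's documented interface; the sample range responses, their counts, the helper names and the User-Agent string are constructed for this example.

```python
"""Checking a password against Have I Been Pwned's Pwned Passwords range API
using k-anonymity: only the first five hex characters of the SHA-1 hash are sent,
and the matching is done locally against the returned range.

Editor's example; not code from the original post or any password manager.
Sample responses below are constructed: the suffixes for "password" and "123456"
are their real SHA-1 tails, the counts and the other suffixes are invented.
"""
import hashlib
import urllib.request
from typing import Dict, Tuple

RANGE_URL = "https://api.pwnedpasswords.com/range/"   # documented HIBP endpoint


def split_sha1(password: str) -> Tuple[str, str]:
    """Upper-case SHA-1 hex digest split into the 5-char prefix that is sent
    and the 35-char suffix that stays on the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix: str, range_response: str) -> int:
    """Parse a 'SUFFIX:COUNT' range response; return the count for our suffix
    or 0 if absent. Non-matching lines are ignored, which is the whole point:
    the service never learns which entry of the range we were interested in."""
    for line in range_response.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        candidate, count = line.split(":", 1)
        if candidate.strip().upper() == suffix:
            return int(count.strip())
    return 0


def pwned_count_offline(password: str, ranges: Dict[str, str]) -> int:
    """Check against already-fetched ranges keyed by prefix. Raises KeyError
    if we hold no range for this prefix rather than silently saying 'clean'."""
    prefix, suffix = split_sha1(password)
    return count_in_range(suffix, ranges[prefix])


def pwned_count_live(password: str, timeout: float = 5.0) -> int:
    """Same check against the real service (needs network; not used offline).
    The User-Agent value is an assumed placeholder."""
    prefix, suffix = split_sha1(password)
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "hibp-range-demo"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return count_in_range(suffix, resp.read().decode("utf-8"))


# Constructed stand-ins for two range responses (real ones hold several hundred lines).
SAMPLE_RANGES = {
    "5BAA6": (
        "003D68EB55068C33ACE09247EE4C639306B:3\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\n"     # tail of SHA-1("password")
        "2F9AD2E8FBD1F6E8A73B3B7B0D1CDB5E7E7:1\n"
    ),
    "7C4A8": (
        "A1B2C3D4E5F60718293A4B5C6D7E8F90123:2\n"
        "D09CA3762AF61E59520943DC26494F8941B:37359195\n"    # tail of SHA-1("123456")
    ),
}

if __name__ == "__main__":
    for pw in ("password", "123456"):
        n = pwned_count_offline(pw, SAMPLE_RANGES)
        print(f"{pw!r}: seen {n} times in sample breach data" if n
              else f"{pw!r}: not in sample range")
```

The offline path is what a manager does in bulk: it fetches one range per distinct prefix and compares locally, so the only thing the service ever sees is a 20-bit prefix shared by roughly a million hashes.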
Simple yet prudent advice. For the love of Fernando J. Corbató (Google him: the MIT researcher who introduced the computer password in the 1960s), do not save your passwords in your browser.
Browsers do encrypt stored passwords, but with a key tied to your operating-system login, so anything running under your account, including malware that has found its way onto the machine, can read them out without a master password. They also don't have the good manners to remind you when a password needs replacing.
Browser vendors are quick to identify vulnerabilities and ship security patches, and most browsers update themselves automatically, but that only helps if you let the update install. Running an out-of-date browser leaves known holes open.
Here's a checklist of things you can do to break the browser-saving habit:
Reduce the amount of data stored on your browser
Install a password manager
Save passwords into the password manager when prompted
Deactivate browser password saving
Change any password as soon as you have reason to think it's been exposed (a breach alert, a login you don't recognise); if you also rotate on a schedule, every one to three months is the usual range, though current NIST guidance (SP 800-63B) favours changing on evidence of compromise over fixed rotation
Something we should all be doing, and something you should certainly recommend to your clients, too. No matter how confident we are about the strength of our passwords, there's no reason not to turn on 2FA wherever it's offered.
Two-factor authentication is a crucial second line of defence after you've entered your password. The most common forms are SMS or email verification, where you're sent a unique, time-limited code to enter on the log-in page, or an app-generated code from software like Google Authenticator. Not all factors are equal: SMS is the weakest of the three (a SIM swap or an intercepted text defeats it), an authenticator app is better, and a hardware security key (FIDO2/WebAuthn) is the strongest, because it won't hand its response to a phishing site. Use the strongest option the service supports.
Plenty of password managers and websites offer 2FA in their packages, so it's certainly a good idea to take advantage of this safeguard; switch it on for the password manager itself first of all.
Whether it’s a list of old client log-in details, a password you created to buy a one-off gift, or credentials for a company website that no longer exists, it’s a good idea to safely discard any information that isn’t being used.
This is particularly relevant if you've reused a password multiple times, as attackers take advantage of exactly these credentials that are just collecting virtual dust. Username and password pairs leaked from one breach are replayed automatically against other sites in the hope that the same combination works there too, a process known as credential stuffing.
Here’s another handy checklist to consider for getting rid of your unwanted data:
Close all redundant accounts—both personal and business
For those you're keeping, change the password and choose a strong, unique one
Save any passwords you wish to keep into your password manager
Enable 2FA if available
While it's not the most secure method of storing data, many people choose to keep their log-in credentials and passwords in a notepad, either virtual or physical.
This is fine up to a point, but there are a few things to consider before sticking with this approach.
If you're using a physical notepad, ensure that it is kept safely out of sight. If a tradesman were to visit your home, would they be able to cast an eye over your precious data? Do you leave it open on your desk for easy access? If so...don't do that. A second practical step is to make sure you're not using the same password for multiple accounts.
If you're simply using a virtual notepad or document to copy and paste your details into the relevant accounts, make sure the file isn't syncing to a shared or public cloud folder and isn't sitting anywhere that someone else, online or in the office, could open it. A plain text file of passwords is only as safe as the machine it lives on.
Despite all your best efforts to build an impenetrable security fortress around your various accounts, what happens if the worst happens and your system is compromised?
There are a few handy websites that can tell you whether your email address, or a client's, has appeared in a known data breach. If you set the alarms ringing on a site like Have I Been Pwned, the best advice is to change the affected passwords lickety-split, along with any other account where you reused them.
Because we often use an email address as the primary account to verify or log in to other services, it's vital to be extra vigilant with your email password. Once a primary email is breached, an attacker can request password resets from it for every satellite account tied to that address, and read the reset links as they arrive.
It's a good idea to keep clients informed and proactive about their password security, and in particular to watch for password-reset emails they didn't request in their primary inboxes.
You’re in luck! Another useful checklist:
Use a unique password for each individual platform or service
Use unusual or unconnected phrases or words that have no association with you or your business
Alphanumeric passwords are fine, but length matters most: each extra character adds more strength than any amount of symbol-swapping, so aim for 16 characters or more and include symbols and mixed case as well
Don't rely on "leetspeak" tweaks such as turning PencilcaseBrazil54 into P3ncIlc@5ebR&ziL433!; password-cracking tools try those substitutions automatically, so let your password manager generate a long random password instead
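As an added example (the editor's, not code from this post or from any password-manager product) of what a manager's generator does and why length beats character-swapping: a CSPRNG-based generator, the entropy arithmetic that applies to generated secrets, and a small undo-leet normaliser of the kind cracking rule sets apply before trying dictionary words. The word list, the symbol set, the substitution table and the guess rate are constructed stand-ins for this example.

```python
"""What a password manager's generator does, why length beats symbol-swapping,
and why "l33t" substitutions add less than they appear to.

Editor's example; not code from the original post or any password manager.
WORDS is a constructed stand-in for a diceware-style list (real ones hold 7,776
words) and LEET_TABLE is a small subset of the substitutions cracking rule sets try.
"""
import math
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{};:,.<>?"
FULL_ALPHABET = string.ascii_letters + string.digits + SYMBOLS   # 87 characters

# Constructed word list for the demo; a real list is thousands of words long.
WORDS = ["pencil", "brazil", "harbour", "velvet", "quartz", "meadow", "falcon", "ember"]

# Common character substitutions, mapped back to the letter they stand for.
LEET_TABLE = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                            "7": "t", "@": "a", "$": "s", "!": "i"})


def random_password(length: int = 20, alphabet: str = FULL_ALPHABET) -> str:
    """Uniform random characters from the OS CSPRNG (secrets, never random.choice)."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(words=WORDS, count: int = 6, sep: str = "-") -> str:
    """Diceware-style passphrase: easier to type; strength comes from the list size."""
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(pool_size: int, length: int) -> float:
    """Entropy of a uniform choice of `length` symbols from `pool_size`. Valid only
    for generated secrets; a human-chosen password is far from uniform, so this
    formula overstates PencilcaseBrazil54 badly."""
    return length * math.log2(pool_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate at the given rate (expected time is half this)."""
    return (2 ** bits) / guesses_per_second / (365 * 24 * 3600)


def undo_leet(password: str) -> str:
    """Reverse the usual substitutions, as a cracker's rule set does before
    trying dictionary words; what survives is the human-chosen base."""
    return password.lower().translate(LEET_TABLE)


if __name__ == "__main__":
    rate = 1e10   # assumed offline GPU guess rate against a fast hash, for illustration
    print("generated 20-char:", random_password(20),
          f"~{entropy_bits(len(FULL_ALPHABET), 20):.0f} bits")
    print("6-word diceware (7776-word list):",
          f"~{entropy_bits(7776, 6):.0f} bits,",
          f"{years_to_exhaust(entropy_bits(7776, 6), rate):.2e} years to exhaust")
    print("P3ncIlc@5ebR&ziL433! normalises to:", undo_leet("P3ncIlc@5ebR&ziL433!"))
```

The normaliser is the reason the substitution trick buys so little: once the usual swaps are undone, the dictionary word is sitting in plain view, and the cracker only has to guess a handful of variants rather than the whole symbol space.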
Social-engineering attacks have grown ever more sophisticated, which makes vigilance paramount. Breach attempts can come in all sorts of guises: a text message carrying a link to malware, a phone call angling for password information, or an official-looking email from a supposedly reputable company encouraging you to hand over critical data.
It's a good idea to be well-versed in the different flavours of scam designed to get past password and email defences. In general, you reduce the chances of being hacked by deploying all the safeguards mentioned earlier: strong, unique passwords and 2FA are just the beginning.
It's vital that you change a password the moment you suspect it has been exposed, and that you give your clients a gentle nudge to do the same. You never know when a business might fall victim to a major cybersecurity breach and put its online security at risk.
If you’d like any more information regarding passwords and security for your business and personal accounts, please don’t hesitate to get in touch!
Posted by Steve Towells on November 26th 2021