June 01, 2020
Small to medium size kiwi businesses are increasingly being targeted by unscrupulous hackers, and cyber-criminals which often leads to loss of confidential data, intellectual property and can result in considerable business disruption. Poor password security is one of the key methods these cyber-criminals use to gain access to your systems. We want to highlight some of the fundamental threats you’re facing and guide you through implementing a strong password policy for your business.
According to the 2020 Data Breach Investigations Report, over 80% of breaches within hacking involve brute force or the use of lost or stolen credentials. You can see the full report here. The problem is the vast amount of people still using weak or compromised passwords, leaving kiwi SMEs vulnerable.
Why are smaller organisations being targeted these days? Cyber-criminals are not just after big corporations with substantial funds. They are looking for the easiest hack which means focusing on smaller, easier targets is often the strategy. Sometimes smaller enterprises can be identified as not having strict policies in place across all aspects of the business. Larger corporations have entire teams working on policy and procedure or dedicated IT teams consistently managing potential threats. As a Managed Service Provider, we want to help make sure you’re just as covered as these larger businesses. We suggest you establish and implement a strong password policy that employees can refer to.
So, we all know we’re supposed to use “strong” passwords, but what does that mean? We’ve come up with the simple acronym ‘CLOUDS’ to help you remember the most important things to think about when creating passwords:
Characters – Use at least one of each of; lower case, upper case, number and a symbol (e.g. #) or a space
Length – A minimum of 8 characters and ideally 10.
Obvious – Ensure your password is NOT obvious like a birthday or your family and pet names. Hackers can find these details through things like social media.
Unique – Think of something new each time. Do not use a slightly altered version of old passwords. Your old passwords may have been hacked from a website and sold on the dark web.
Different – make sure you use different passwords for different accounts.
Set – The most basic rule; set your own passwords. Leaving the default set up by your IT support is unsafe. You’d be surprised at the huge number of passwords that are simply not set at all.
Your intentions are good when coming up with the most uncrackable of passwords but now you find yourself continuously hitting the ‘forgot my password’ button and going through the tedious and time-consuming process of a reset. It sounds all too familiar doesn’t it?
We’re moving towards a world where thumb prints and facial recognition technology will alleviate the need to remember a collection of passwords but until we reach that point, we need a reliable solution to remember our passwords. Considering a password manager program is a good option. This gives you the option to store all your passwords in one place and when you’re signed in, they can quickly populate your details when logging into various platforms. There are numerous safe and reliable password managers so ask your local ITA member which one they suggest to suit your needs.
Alternatively, some people use encrypted documents, for example, password protected Excel or Word documents, while others use the ‘remember password’ facility of their web browser. If you use your web browser, make sure it encrypts the passwords and remember you need to log-off if you share computers or leave it unattended. All of these are good options and can help you move away from physically writing down passwords which can be risky and affect business continuity if you lose access to the physical copy.
Most experts no longer recommend having to change your password every six months as it hasn’t proved to improve security. However, we do suggest if you have old passwords that you bring them up to date and change these every couple of years. Furthermore, always change your passwords immediately if there are any indications they may have been compromised.
The best thing you can do is implement a strong password policy for your employees. Have them use the ‘CLOUDS’ checklist when creating passwords and encourage using a password manager. Make it part of your policy that passwords are updated when an employee moves on to ensure your systems remain secure.
The trick to having strong passwords that pass the ‘CLOUDS’ test, is NOT having to remember them. Use one of the techniques above to do the heavy duty remembering for you. Copy and paste as required. Just remember your login password and your password manager password – don’t write those down anywhere!
Recent growth in remote work locally here in Central Otago as well across New Zealand and around the world has seen an increase in the number of these cyber-attacks and has left businesses vulnerable. Across the ITA we continue to see heightened targeting of clients which is why it’s critical to review or implement your password policy immediately. If you have any concerns in this area or want to find out more about keeping your business protected and secure, contact us or your local ITA member.
IT Centre is a founding member of the NZ-wide IT Alliance – www.ita.co.nz
Check out the links below for a contact near you.