June 01, 2020
Small to medium-sized Kiwi businesses are increasingly being targeted by unscrupulous hackers and cyber-criminals, which often leads to the loss of confidential data and intellectual property and can result in considerable business disruption. Poor password security is one of the key weaknesses these cyber-criminals exploit to gain access to your systems. We want to highlight some of the fundamental threats you’re facing and guide you through implementing a strong password policy for your business.
According to the 2020 Data Breach Investigations Report, over 80% of breaches within hacking involve brute force or the use of lost or stolen credentials. You can see the full report here. The problem is the vast number of people still using weak or compromised passwords, leaving Kiwi SMEs vulnerable.
Why are smaller organisations being targeted these days? Cyber-criminals are not just after big corporations with substantial funds. They are looking for the easiest hack, which often means focusing on smaller, easier targets. Smaller enterprises can sometimes be identified as not having strict policies in place across all aspects of the business. Larger corporations have entire teams working on policy and procedure, or dedicated IT teams consistently managing potential threats. As a Managed Service Provider, we want to help make sure you’re just as covered as these larger businesses. We suggest you establish and implement a strong password policy that employees can refer to.
So, we all know we’re supposed to use “strong” passwords, but what does that mean? We’ve come up with the simple acronym ‘CLOUDS’ to help you remember the most important things to think about when creating passwords:
Characters – Use at least one of each of: lower case, upper case, a number, and a symbol (e.g. #) or a space.
Length – A minimum of 8 characters and ideally 10.
Obvious – Ensure your password is NOT obvious like a birthday or your family and pet names. Hackers can find these details through things like social media.
Unique – Think of something new each time. Do not use a slightly altered version of old passwords. Your old passwords may have been hacked from a website and sold on the dark web.
Different – Make sure you use different passwords for different accounts.
Set – The most basic rule; set your own passwords. Leaving the default set up by your IT support is unsafe. You’d be surprised at the huge number of passwords that are simply not set at all.
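As an added illustration (not part of the original article or any ITA tooling), the ‘CLOUDS’ checklist can be written as an automated check that reports which letters a candidate password fails. The function and parameter names and the 0.8 similarity threshold are assumptions; the old and other-account passwords are ones the user supplies at change time, not values read from storage.

```python
from difflib import SequenceMatcher

MIN_LENGTH = 8            # "Length" rule: minimum 8 characters, ideally 10
SIMILARITY_LIMIT = 0.8    # assumed threshold for "slightly altered" passwords


def clouds_check(password, personal_terms=(), old_passwords=(),
                 other_account_passwords=(), default_password=None):
    """Return {CLOUDS letter: reason} for every rule the password fails."""
    # Set: an empty password or the issued default fails before anything else.
    if not password or password == default_password:
        return {"S": "password is not set, or is still the default"}
    failures = {}

    # Characters: lower case, upper case, number, and a symbol or space.
    classes = {
        "lower case": str.islower,
        "upper case": str.isupper,
        "number": str.isdigit,
        "symbol or space": lambda c: not c.isalnum(),
    }
    missing = [name for name, test in classes.items()
               if not any(test(c) for c in password)]
    if missing:
        failures["C"] = "missing " + ", ".join(missing)

    # Length
    if len(password) < MIN_LENGTH:
        failures["L"] = f"shorter than {MIN_LENGTH} characters"

    # Obvious: names, pets, birthdays the user (or a reviewer) lists.
    folded = password.casefold()
    hits = [t for t in personal_terms
            if len(t) >= 3 and t.casefold() in folded]
    if hits:
        failures["O"] = "contains personal detail: " + ", ".join(hits)

    # Unique: reject near-copies of earlier passwords (e.g. a bumped year).
    if any(SequenceMatcher(None, folded, old.casefold()).ratio()
           >= SIMILARITY_LIMIT for old in old_passwords):
        failures["U"] = "too similar to a previous password"

    # Different: never the same password on two accounts.
    if password in other_account_passwords:
        failures["D"] = "already used for another account"
    return failures


if __name__ == "__main__":
    # Constructed sample: pet name plus year, one digit off an older password.
    print(clouds_check("Rex2021!", ["Rex"], ["Rex2020!"]))
```

An empty result means the password passes every letter; a staff onboarding script could refuse to proceed until that is the case.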
Your intentions are good when coming up with the most uncrackable of passwords, but now you find yourself continuously hitting the ‘forgot my password’ button and going through the tedious and time-consuming process of a reset. It sounds all too familiar, doesn’t it?
We’re moving towards a world where thumbprints and facial recognition technology will alleviate the need to remember a collection of passwords, but until we reach that point, we need a reliable way to remember our passwords. A password manager program is a good option to consider. It lets you store all your passwords in one place and, when you’re signed in, it can quickly populate your details when you log into various platforms. There are numerous safe and reliable password managers, so ask your local ITA member which one they suggest to suit your needs.
Alternatively, some people use encrypted documents, for example, password-protected Excel or Word documents, while others use the ‘remember password’ facility of their web browser. If you use your web browser, make sure it encrypts the passwords, and remember you need to log off if you share computers or leave yours unattended. All of these are good options and can help you move away from physically writing down passwords, which can be risky and can affect business continuity if you lose access to the physical copy.
Most experts no longer recommend having to change your password every six months, as it hasn’t been shown to improve security. However, we do suggest that if you have old passwords you bring them up to date and change these every couple of years. Furthermore, always change your passwords immediately if there are any indications they may have been compromised.
The best thing you can do is implement a strong password policy for your employees. Have them use the ‘CLOUDS’ checklist when creating passwords and encourage using a password manager. Make it part of your policy that passwords are updated when an employee moves on to ensure your systems remain secure.
The trick to having strong passwords that pass the ‘CLOUDS’ test is NOT having to remember them. Use one of the techniques above to do the heavy-duty remembering for you. Copy and paste as required. Just remember your login password and your password manager password – don’t write those down anywhere!
Recent growth in remote work locally here in Central Otago, as well as across New Zealand and around the world, has seen an increase in the number of these cyber-attacks and has left businesses vulnerable. Across the ITA we continue to see heightened targeting of clients, which is why it’s critical to review or implement your password policy immediately. If you have any concerns in this area or want to find out more about keeping your business protected and secure, contact us or your local ITA member.
IT Centre is a founding member of the NZ-wide IT Alliance – www.ita.co.nz
24 May, 2020
It’s fair to say that within the Central Otago business community, COVID-19 has really pushed our business into the cloud. Whilst Microsoft provides powerful services within Microsoft 365, it is important to note that comprehensive backup of your Microsoft 365 data is not one of them. Of over 1,000 IT Pros surveyed, 81% experienced data loss.[i] This can be from simple user error to major data security threats like ransomware. The misconception that Microsoft fully backs up your data on your behalf is common and could result in damaging repercussions which is why it’s important to know what areas you are responsible for.
Have you thought about how your Microsoft data is backed up? “The scary reality is that even though sensitive cloud data is stored in Office documents, an estimated 76% is not being backed up[ii]. In fact, IDC states that 6 out of every 10 organisations still don’t have any form of Office 365 data protection[iii].” Microsoft’s core focus is on infrastructure and maintaining uptime to users but when it comes to data protection, this lies with you.
Users accidentally deleting files is all too common. If a file or email is accidentally deleted, Microsoft makes this recoverable for a short period of time. If you go looking for something a few months down the track and realise it may have been accidentally deleted, you’re unlikely to recover it. If you do not have your own automatic backup and the recoverable period has passed, your file will be permanently deleted.
An even greater threat comes from hackers and viruses: if you are made vulnerable by either, your data is again at risk of being lost. Malware and viruses can do serious damage to your business. Not only is your company reputation at risk, but the privacy and security of internal and customer data as well. External threats can find their way in through emails and attachments, and you can’t control users accidentally opening these. Having a reliable antivirus is essential, but having a backup is critical in the case of a serious breach. Regular or automated backups will help ensure a separate copy of your data is uninfected and that you can recover documents or emails quickly with limited downtime.
Microsoft runs under a shared responsibility model. But what does that really mean? Microsoft data backup will protect you from events such as natural disasters that affect their data centres, hardware or software failures on their part, power outages, operating system errors, etc. Their key focus is on availability and uptime, not your data. This means you are responsible for your Microsoft 365 data including email, OneDrive and SharePoint. It is your responsibility to ensure your data is protected from human error, malicious activity, misconfigured workflows, hackers, and viruses. Basically, Microsoft will ensure availability and access but your job is to protect your data with reliable backup systems and multifactor authentication.
The solution really can be simple and cost-effective, and can provide you with ultimate peace of mind. You’ll need to set up a backup solution via a third-party system. As more company data moves to cloud platforms like OneDrive and SharePoint, this data is no longer covered by the business’s local backup systems as it was when it was located on a file server. It is essential when moving to cloud-based storage systems, and when investing considerable amounts in the cloud system setup, to have an automated backup.
Having a backup of your Microsoft 365 data mitigates the risk of losing access to important emails, documents and files for all your users. It is critical and will fill the gap between long-term retention and data protection. We can help in getting this set up for you. You can send us a quick email here or you can give us a ring. We would be more than happy to chat this through with you in plain English.
[i] Veeam customer survey, September 2019; IDC: Why a Backup Strategy for Microsoft Office 365 is Essential, 2019
[ii] Veeam customer survey, September 2019; IDC: Why a Backup Strategy for Microsoft Office 365 is Essential, 2019
[iii] Veeam customer survey, September 2019; IDC: Why a Backup Strategy for Microsoft Office 365 is Essential, 2019