Your systems are only as secure as their weakest link. Typically this is a person’s username and password.
The 2014 Cyber Security Intelligence Index by IBM showed that 95% of all security incidents involved human error or a breached identity. This was brought to light by a recent BBC documentary on London’s railway stations which inadvertently exposed a password pinned to the top of a station controller’s monitor.
The steps below will help to improve your password security and in turn, the overall security of your systems:
1. Create complex passwords: Still using “123456” or “password” as your preferred login? If so, you’re an ideal target for cyber criminals. The first step in creating a strong and unique password is making it at least eight characters long, with a mix of upper and lower case letters, numbers and symbols. For even greater security, use a full sentence with random words.
2. Keep your passwords private: Although seemingly obvious, people still share passwords with colleagues or friends. If you do need to share a password, change it as soon as possible afterwards. Avoid writing passwords down and be vigilant of phishing emails which try to capture your details.
3. Avoid reusing passwords: Whilst using a single password for a variety of accounts may be convenient, it increases the extent of any data compromise. Hackers who gain access to one of your accounts are sure to try accessing others.
4. Change your passwords regularly: Make sure you update your passwords every 30-60 days across all your accounts and if helpful, schedule regular reminders.
5. Set up two-factor authentication: Two-factor authentication relies on a standard password, as well as a second unique code. This can be generated and sent directly to your mobile device via text message or voicemail, or the second check can be a fingerprint scan, voice recognition or confirmation by landline. An attacker must compromise both factors to gain access to your data, making a breach far less likely.
6. Use a password manager: Complex and unique passwords can be difficult to remember. A password manager helps by storing your various passwords in an encrypted database, protected by a master password, which becomes the only password you need to remember. At Foration, we find LastPass particularly helpful.
7. Update your anti-virus software and security patches: Software and patch updates play an important role in protecting your systems from the latest security threats. Despite this, fewer than 40% of businesses believe they effectively manage their patch updates, according to a recent Cisco survey. Proactive patch management is important and should be supported by your IT support company.
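The rules in steps 1 and 3 can be checked automatically. The following is an added example, not part of the original article: it flags passwords that fail step 1 and passwords shared between accounts. The denylist beyond “123456” and “password”, the four-word threshold for a "full sentence", and the sample accounts are assumptions made for illustration.

```python
import string
from collections import defaultdict

# Constructed denylist; the first two entries are the ones the article names.
COMMON = {"123456", "password", "qwerty", "letmein"}
MIN_LENGTH = 8          # from step 1
PASSPHRASE_WORDS = 4    # assumption: what counts as "a full sentence"

def check_password(pw):
    """Return the list of step 1 rules that pw fails (empty list = pass)."""
    if pw.lower() in COMMON:
        return ["is a commonly used password"]
    # Step 1's alternative: a sentence of random words is accepted as-is.
    if len(pw.split()) >= PASSPHRASE_WORDS and len(pw) >= MIN_LENGTH:
        return []
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    classes = {
        "an upper case letter": str.isupper,
        "a lower case letter": str.islower,
        "a number": str.isdigit,
        "a symbol": lambda c: c in string.punctuation,
    }
    for name, test in classes.items():
        if not any(test(c) for c in pw):
            problems.append("missing " + name)
    return problems

def audit(accounts):
    """Map account name -> problems, covering step 1 and reuse (step 3)."""
    users = defaultdict(list)
    for account, pw in accounts.items():
        users[pw].append(account)
    report = {}
    for account, pw in accounts.items():
        problems = check_password(pw)
        others = [a for a in users[pw] if a != account]
        if others:
            problems.append("reused on " + ", ".join(sorted(others)))
        if problems:
            report[account] = problems
    return report

# Constructed sample data, not real credentials.
SAMPLE = {"email": "password", "bank": "Tr4in-Station!",
          "shop": "Tr4in-Station!", "vpn": "maple drum violet harbour seven"}
```

Calling `audit(SAMPLE)` reports the common password on `email` and the reuse between `bank` and `shop`, while the passphrase on `vpn` passes.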
The estimated cost of a data security breach to a UK SME averages £48,000 in damages and reactive spend. Passwords are your first line of defence in protecting your business, so ensuring they are suitably complex and secure is imperative.