Cybersecurity is the number one consideration for small to medium businesses seeking to operate an efficient, cost-effective, and reliable IT network. Countermeasures range from managed antivirus software solutions to high end firewalls and routers that manage every single byte of data that crosses the threshold of your network.
But what about the weakest part of any IT network – its users? Human beings are far more prone to error than computers are. One of the most prolific ways – if not the most prolific – in which hackers illicitly gain access to a computer network is via a compromised password: divulged directly to a criminal via social engineering, guessed, reused from another site that was breached, or extracted from an unprotected computer. Governments around the world are constantly urging private businesses to be vigilant, and the cost to the global economy is in the trillions of dollars.2
9 in 10 business owners are worried about password security. This guide will identify how to maintain a secure set of passwords, what constitutes a good password and some of the tools available to keep your passwords strong and secure.
Why are secure passwords so important?
Simple – they are the front line of defence on any computer network. Even the most inexperienced hacker can reach some form of login screen – email, line-of-business software or VPN access. These are often exposed to the internet by design, but without a valid set of credentials (a username and a password) the attacker is stuck at the door. This is where good password practice pays dividends, and it should be the first consideration of any company-wide IT policy. Usernames are easy to guess (‘asmith’, ‘andrew.smith’ or simply an email address), so in practice the password is the only part of the credential that is actually secret.
How do I keep my passwords secure?
- Use accepted password standards – There’s no secret to creating robust, secure passwords. Published guidance such as NIST Special Publication 800-63B in the US and the NCSC’s password guidance in the UK sets out what a sensible policy looks like (minimum length, screening against lists of known-breached passwords, rate limiting of failed logins), and businesses should align their own policy with it if they want to maintain a secure network.
- Operate a domain-wide password policy – Ensure that your IT department, or IT support provider, enforces a policy on your network: a minimum length, a lockout or rate limit on failed logins, and a ban on passwords that appear in breach lists. Many organisations also force users to change their password after a specified amount of time (often 30 days, sometimes 14). Be aware that current NIST and NCSC guidance advises against routine expiry, because it pushes users towards predictable increments such as ‘Password1’ becoming ‘Password2’; the stronger approach is to require a change when there is evidence the password has been compromised.
- Manage people, as well as IT – As part of your IT policy, stipulate that users must not write passwords down, especially on or around a desk or in areas of the office with high footfall, and give them a supported alternative for storing them (a password manager, see below).
What common mistakes do users make?
Most people have seen a movie that depicts someone using a password such as ‘password1’, and laughed, but it’s not THAT far from reality. Users make all kinds of basic errors when formulating a password: variations on their own name, their partner’s or child’s name, car make or model, birthday, or even the name of the company they work for, followed by a single number – usually ‘1’. Think about some of the passwords you use in your daily life. How many contain this kind of information? Information which, it has to be said, most people have already surrendered via social media, and which password-cracking tools can combine with number suffixes automatically.
What are the consequences of poor password practices?
Unfortunately, if one of your users is operating with an easily exploitable password – or set of passwords – this could ultimately lead to a business suffering a catastrophic cyber attack such as ransomware, where data is encrypted by criminals who then demand payment for its return, or data theft that causes irreparable damage to client relationships and reputational loss. Those aren’t scare tactics. It can, and does, happen. An October 2020 study by Verizon found that roughly 81% of hacking-related breaches involved weak or stolen credentials,1 which means the majority of such attacks are avoidable with basic credential hygiene.
How do I create strong passwords?
The quickest and most efficient way of creating a robust password is to use a password generator, such as LastPass’s online Password Generator Tool or the generator built into a password manager.
These tools generate a password of a chosen length from a chosen set of character classes, which can be adjusted to the complexity requirements of the software the password is for. What makes the output strong is not a secret algorithm but randomness: a generator draws each character from a cryptographically secure random number generator, so a 16-character password from the full printable character set has roughly 105 bits of entropy and cannot be found by any realistic brute-force effort. The output is only as good as the length you pick and the randomness behind it, so use a generator you trust and the longest password the target system will accept.
A common mistake when changing a password is to simply add or increment a number on the end of the previous one. Don’t do this: incrementing a trailing digit is one of the first transformations a cracking tool tries against a known old password. Generate a completely new password every time you are required to change one.
The most important thing to remember is never to base a password on real words or phrases you choose yourself, especially anything concerned with real people, dates or life events; those are exactly what attackers feed into their guessing lists.
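The following is an added example, not code from the original article or from LastPass: it shows what a password generator actually does (draw characters from the operating system’s cryptographically secure random source) and how to put a number on the result. The 94-character pool, the 16-character default and the guessing rate of 1e11 per second used for comparison are assumptions chosen for illustration.

```python
"""Added example (not from the original article): generate a random password
with a cryptographically secure RNG and quantify its strength in bits."""
import math
import secrets
import string

# Character classes from the article's criteria: upper, lower, digit, punctuation.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
POOL = "".join(CLASSES)  # 26 + 26 + 10 + 32 = 94 printable ASCII characters


def generate_password(length: int = 16) -> str:
    """Return a password of `length` characters drawn uniformly from POOL.

    `secrets.choice` uses the OS CSPRNG (os.urandom); that unpredictability is
    the whole source of strength. `random.choice` (Mersenne Twister) is seeded
    predictably and must not be used for this. Candidates that miss one of the
    four classes are rejected and redrawn; this costs a fraction of a bit of
    entropy but guarantees the result passes a four-class complexity rule.
    """
    if length < 12:
        raise ValueError("the article's minimum is 12 characters")
    while True:
        candidate = "".join(secrets.choice(POOL) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(POOL)) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def expected_guesses(bits: float) -> float:
    """An attacker trying every possibility in random order needs, on average,
    half of the 2**bits candidates before hitting the right one."""
    return 2 ** (bits - 1)


def years_to_crack(bits: float, guesses_per_second: float) -> float:
    """Expected time for an offline attack at the given guessing rate.

    The rate is an assumption for illustration: GPU rigs against a fast hash
    such as NTLM reach tens of billions of guesses per second, while a slow
    hash such as bcrypt is many orders of magnitude lower."""
    return expected_guesses(bits) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    pw = generate_password(16)
    bits = entropy_bits(len(pw))
    print(f"password: {pw}")
    print(f"entropy: {bits:.1f} bits")
    print(f"expected years at 1e11 guesses/s: {years_to_crack(bits, 1e11):.2e}")
    # For comparison, an 8-character lowercase-only password is about 37.6
    # bits, which the same rig exhausts in about a second.
    weak = entropy_bits(8, 26)
    print(f"8 lowercase chars: {weak:.1f} bits, "
          f"{years_to_crack(weak, 1e11) * 365 * 24 * 3600:.2f} s")
```

The entropy figure is the honest measure of a generated password: 16 characters from the full pool give about 105 bits, and the length is what moves that number, not which symbols happen to be in it.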
Examples of good and bad passwords
|Good password|Bad password|
|---|---|
|At least 12 characters long|Contains fewer than 10 characters|
|Contains at least one uppercase character, one lowercase character, a number and a punctuation mark|Contains a series of the same character – e.g. ‘aaaaaa1’|
|Doesn’t use actual words|Uses words spelled backwards or words with letters replaced by numbers|
|Is not based on readily available information|Uses the user’s name or a family member’s name|
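As an added example (not code from the original article), the checker below applies the table’s criteria to a candidate password, including the two tricks the right-hand column calls out: spelling a word backwards and swapping letters for look-alike numbers. The word list, the leet-speak mapping and the user details (‘asmith’, ‘andrew’, ‘acme’) are constructed for illustration; a real deployment would screen against a large breached-password list instead of ten words.

```python
"""Added example (not from the original article): check a password against
the article's good/bad table, undoing reversal and number substitution."""
import string

# Constructed, deliberately tiny word list; a real one has millions of entries.
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "admin",
                "secret", "dragon", "monkey", "summer", "football"}

# Undo the usual "letters replaced with numbers" trick before matching.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i", "|": "l"})


def normalise(pw: str) -> str:
    """Lower-case and map leet characters back to letters."""
    return pw.lower().translate(LEET)


def contains_word(pw: str, words, min_len: int = 4):
    """Return the first word found inside the password (forwards or reversed,
    after leet normalisation), or None."""
    norm = normalise(pw)
    for w in words:
        w = w.lower()
        if len(w) >= min_len and (w in norm or w[::-1] in norm):
            return w
    return None


def longest_run(pw: str) -> int:
    """Length of the longest run of one repeated character ('aaaaaa1' -> 6)."""
    if not pw:
        return 0
    best = run = 1
    for prev, cur in zip(pw, pw[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best


def check_password(pw: str, personal=()) -> list:
    """Return the list of failed criteria; an empty list means it passes.

    `personal` holds the readily available information the article warns
    about: username, real name, company, partner's or child's name, etc."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    classes = {
        "uppercase": string.ascii_uppercase, "lowercase": string.ascii_lowercase,
        "digit": string.digits, "punctuation": string.punctuation,
    }
    for name, cls in classes.items():
        if not any(ch in cls for ch in pw):
            problems.append(f"no {name} character")
    if longest_run(pw) >= 3:
        problems.append("repeats the same character three or more times in a row")
    w = contains_word(pw, COMMON_WORDS)
    if w:
        problems.append(f"contains the common word '{w}' "
                        "(possibly reversed or with number substitutions)")
    w = contains_word(pw, personal, min_len=3)
    if w:
        problems.append(f"contains personal information '{w}'")
    return problems


if __name__ == "__main__":
    me = ("asmith", "andrew", "smith", "acme")   # constructed user details
    for candidate in ("password1", "P@55w0rd!2024", "drowssaP1!", "aaaaaa1",
                      "Andrew.Acme2020!", "x7Q!m2Lp#9Rv$Ws4"):
        result = check_password(candidate, me)
        print(f"{candidate!r:20} {'OK' if not result else '; '.join(result)}")
```

Note that ‘P@55w0rd!2024’ satisfies every complexity tick-box and still fails, because after normalisation it is just ‘password’; complexity rules alone do not catch what the table’s right-hand column describes.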
What extra tools can I use to keep my passwords safe?
As well as LastPass’s online password generator, password managers such as Keeper, Dashlane and Bitwarden (the last of which is open source) offer cross-browser compatibility, encrypted password vaults and synchronisation across devices. A manager removes the need to remember generated passwords at all, which is what makes a unique random password for every site practical.
The importance of using multifactor authentication cannot be overstated. This is essentially a failsafe that requires users to prove their identity through a second channel (a code from an authenticator app on a mobile phone, a hardware security key, or at minimum a code sent by SMS or business email) as well as entering a password, before access to a given system is granted. A stolen or guessed password on its own is then not enough to log in. Think of it as a password system on steroids! It’s a free option within most software platforms and businesses simply have to use it; prefer an authenticator app or hardware key over SMS or email codes, which are easier for an attacker to intercept.
We can help
totality services have been at the cutting edge of SME IT security solutions for over a decade. Our team of highly skilled security professionals are ready to assist you in any way they can – from enacting a robust password policy to hardware procurement, support and beyond.
Give us a call on 020 3744 3105 to find out how we can help.