How can a small business password protect itself?Anirban Banerjee
It should come as no surprise that businesses handling any amount of customer data are frequent targets of hack attempts. Hackers may be after credit cards, personal identities, or sensitive company data. The hackers after this information are not typically like you see in Hollywood movies either. They aren’t sitting in front of large Matrix-like terminal screens, watching ASCII characters scroll down the screen. The methods they use are relatively simple and easily obtainable, from brute-force dictionary attacks, to simple social engineering. This article will provide several guidelines to follow to protect your small business from password hacking and data theft.
Password Management Requires Ongoing Vigilance
Large corporations that suffer data breaches are typically able to apologize to customers and sweep the issue under the rug. A notable example would be when a hacker utilized a simple script on an AT&T website to expose the email addresses of thousands of iPad owners. The hacker was arrested and indicted, but many security experts pointed out just how simple the attack was in method. It was a clear example of how “too big to fail” corporations, can’t afford to be relaxed with sensitive customer data.
Small business owners, however, can face disaster as a result of a data breach. A former executive director of FEMA noted that 60 – 90% of small businesses never recover from data hacks. For this reason, small business owners need to be highly vigilant in protecting their passwords and sensitive data. The following are some crucial guidelines to ensuring proper password management.
- Create Easy to Remember Passwords – A good password doesn’t need to be an extraordinarily long string of letters and numbers that you will never remember. In fact, creating such a password might tempt you to write it down somewhere, which could fall into the wrong hands. Choose a password that you’ll be able to remember, and follow the next guideline to make it safe.
- Make Your Password Hard to Guess – A hard to guess password isn’t necessarily something completely obscure. It simply means utilizing the right combination of characters, letters, and symbols to prevent password hacking methods such as a brute force attack. If your birthday is September 15th, 1975 for example, you could make your password “s3PT3mB3r:1519&%”. Notice how this password utilizes lowercase and uppercase characters, replaces some letters with numbers, and also uses the symbols when pressing Shift+7 and 5 to replace “1975”. It would be difficult for even a highly sophisticated brute force dictionary to guess this password.
- Things You Should Not Do – To prevent brute force attacks, you need to “think” like a brute force script. Not all combinations of letters and numbers are safe, and in fact could be easily guessed. Passwords like ‘abc123’ or “G0-Y4nkees” are still vulnerable to advanced brute force dictionaries that will try and substitute letters for numbers.
- Never Share Your Credentials – It’s estimated that 66% of password hacks are actually the result of social engineering. You may receive a Skype chat from someone posing as an IT tech in your company, and they will try to talk you into revealing your password information. If you receive such a message, always notify upper management. The reality is that there’s actually never a good reason for an IT person to want your password anyways, because they would already have admin-level privileges over the network to begin with.
- Change Passwords Regularly – Even if you feel safe and secure with a strong password, it’s still wise to change your password every 2 – 3 months. This will deter the more determined hackers attempting a long hack campaign.
Hold Employees Accountable
Your small business must foster an atmosphere of smart cyber-security. Not only should employees be instructed in proper password management, they should be held accountable for successful hacks using their credentials. You could even hire a security expert to attempt to hack employee passwords, and notify you if they are successful. When sensitive business information is at stake, this would not be going overboard.
Thousands of large corporations have begun utilizing 2-step authentication, which is an automated process of sending randomly-generated security codes via SMS or other delivery methods. Employees are instructed to enter these security codes after entering their password.
Create a Centralized Login for all Corporate Log ins
If you create a single profile for corporate log-ins, you can segment the individual employee privileges within the profile group. This makes it easy to simply remove employees from the privileged group if they leave the company.
Use a Password Management Tool
Small businesses that share password credentials across teams are putting themselves at risk. For example, an online company that keeps account credentials stored in project management software for easy record-keeping. If a hacker gains entry to this project management software, every password you’ve stored is now obtainable. That is why companies should consider using a password management tool, which will automatically generate and secure log-in credentials.
Examples – LastPass, 1Password or OnionID are reputable password management tools that have a wide range of features. These tools will encrypt and store all unique passwords or other sensitive data, and allow you to access them with a master password or even more sophisticated with features like AIrSign, TouchID or Geofencing. OnionID is highly recommended here, ensuring security using invisible multi-factor authentication, geo-fencing, proximity sensing and more. The Best: You can set it up in less than 60 seconds.
Random Password Generation – Instead of needing to think of difficult passwords, a PMT will generate random long-string passwords for you. An example password would be “siG36s^423Dsdg%$”. The PMT will then remember the password it created, and automatically log-in to the sites you allow.
Device Synchronization – Choosing a PMT that offers mobile and tablet versions will allow you to synchronize passwords across these devices. This is particularly useful if you do mobile banking on different devices.
Personal Password Storage – A PMT isn’t just for mobile banking and company passwords; it can be used for your personal social media or email accounts as well. This helps add an extra layer of protection against personal identity theft.
Efficient and Time Saving – People tend to have user accounts across many websites. Whether it’s commenting on a news article or uploading pictures to Tumblr, a log-in is required for most community-based websites. A PMT will automatically log you into these sites, which equates to time saved.
Password hackers typically don’t employ sophisticated methods. Brute force scripts are easily downloadable, and social engineering is just preying on simple ignorance. By following the guidelines in this article, you will be much safer from the password thieves who are out to damage your business.