For small business and entrepreneurs, a cyber-attack can not only cause massive damage, but it can also cripple the business. For instance, if proprietary information, that gives your SME an edge over competitors is stolen, then that is enough to put you out of business.
There are many ways hackers can gain unauthorized access into your business, but one of the most prevalent is weak passwords. Research shows that 80% of cyber attacks trace their origin to weak passwords.
Weak passwords are like open doors; they allow an intruder to come in and take everything they desire. To protect your brand and ensure you do not go under; it is vital for all employees to have strong passwords. For that to happen, they must first recognize the common password mistakes followed by how to overcome them.
Common password mistakes that leave small enterprises vulnerable.
1. Using the same password for multiple logins.
Whenever employees use the same passwords for all logins, they risk becoming an entry point for a massive hack. Consider, for example, the LinkedIn hacking incident in 2012 that saw hackers crack 6.4 million passwords. A separate attack saw hackers crack 1.5 million eHarmony passwords.
Just recently, in 2016, hackers got out with roughly $3.2 million after gaining access to 9000 accounts in Tesco bank. Again, Tesco had no choice but to reimburse the customers their money.
With the above data breaches, the hackers must have first cracked an admin password that gave them access to the system before following the trail and cracking the other passwords. That means the admin password was not strong enough to resist hacking attempts.
The reason most people stick to a single password despite knowing the risk is because one password is easy to remember. Unfortunately, no matter how complex that one password is, it is still a master key. If an intruder cracks it, then your entire digital life is in jeopardy.
2. Using non-random and simple passwords.
If an enterprise does not insist that employees create complex passwords, then the chances are high that most employees will use non-random passwords that are easy to remember. Simple and non-random passwords have one weakness; they are easy to deduce, which brings us to the topic of cracking passwords with brute force
Brute Force can crack a simple password in seconds.
Most people imagine that as long as the password references personal information that no one knows about, then the password is strong enough. That cannot be further from the truth.
A brute force attack is a continuously trial-and-error process aimed at obtaining information such as password combinations. There’s no ingenious algorithm behind, and anyone with the automated software can put it to ill use.
Consider this password form someone who loves Captain America — captainamerica1941. A popular password generator shows that it takes only 4 short hours to crack. The lead time can even be significantly shortened if the hacker knows about the user’s interests from social media, so not only should we be careful of how much about ourselves we give away online, it’s also important to steer away from ‘meaningful’ password combinations.
How can an SME overcome these password mistakes?
By following three critical steps that will ensure the passwords are near uncrackable.
Step 1: Encourage All Employees to Create Strong, Random and Unique Passwords and Find Ways to Ensure They Do So.
Just telling your employees to create strong passwords does not guarantee that they will do so. People tend to ignore directives until something happens that makes them react.
A good way to ensure they actually do so is to scour the market for the best password generator. We recommend ExpressVPN’s password generator which comes with a brute force cracking time checker and can be downloaded for offline use. Once you do so, make a point of ensuring each employee has access to it and that they are using it.
ExpressVPN’s generator is downloadable so users can generate passwords offline. This is important as it ensures that passwords are not sent via the internet or an unencrypted Wi-Fi network to your device. But this is not necessary under most circumstances as this generator is programmed to create unique password combinations utilizing your own device’s computing power.
If employees prefer to stick to their own passwords, encourage them to plug it into the password field of the generator to check how long it takes to crack it with brute force. Consider a password secure if it takes at least 200 years to crack.
Step 2: Make Sure Your Employees Use a Password Manager.
To ensure your employees do not end up using one complex password for all logins because they cannot remember multiple complex passwords, provide a password manager.
The password manager will sync passwords to the cloud in addition to encrypting them on your device. That ensures the employees can easily access them as needed. The trick is in finding a good and reliable password manager.
3. Activate 2-FA.
2-FA is two-factor authentication. It uses a registered phone to send a one-time password to your phone via text message when accessing an account. That means that even if someone has your password, they still cannot log in into your account because they cannot access the one-time password.
As a business owner, ensure that all accounts including email accounts utilize two-factor authentication to guarantee security.
Emphasizing strong passwords is one of the sure-fire ways of protecting your business’s digital assets. The above three guidelines will help ensure this.