If your inbox gets flooded on a daily basis with phishing and spam messages, that’s reason enough to keep your business passwords and security safe. No one wants their contacts, customer details, and critical business data to get breached. It’s not just about you — it’s about the reputation, money, and time of your clientele.
Password security is one of the most important parts of keeping your business safe online. While it may seem like a simple thing to do, there are many ways to make sure that you are doing it right and protecting yourself from hackers and other threats.
Here are 6 tips for keeping your passwords safe and secure.
1. Strengthen Your Internet Security
Your local internet network — the wired or wireless network you operate your business on — will inevitably be one of the weak links in terms of password security. Many people forget about this, but it’s actually a very important part of your security setup.
First and foremost, make sure that all devices on your local network have strong passwords. This will not only protect against unauthorized access to devices like computers, phones, and printers but also reduce the risk of someone gaining access to your business’ files through these devices.
Make sure that each device has a unique username and password that is complex enough to be difficult for hackers to guess, but not so difficult that everyone forgets them. A password generator can be a good investment.
Avoid Public Wi-Fi
Avoid connecting to an outside network, and monitor your internal network for unauthorized access. If you do connect to an outside network, make sure that it is secure and encrypted. A virtual private network (VPN) is a good option for this.
Public networks can be quite dangerous. Don’t connect any of your sensitive business files to a public Wi-Fi network unless you absolutely have to.
2. Email Vigilance
Email is a common attack vector for hackers looking to steal your passwords. They’ll send you a link that looks like it’s from your bank or another business you do business with, but when you click on it, you’re actually giving them access to your password and other information.
Protect yourself by scrutinizing emails from businesses you do business with. Be wary of any links in emails from these companies that ask for personal information or money — they may look legitimate, but they could also be phishing scams. If you get an email from a company asking for personal information like your Social Security number or account details, call their customer service number directly instead of following the link provided in the email.
3. Two-Factor Authentication (2FA)
Two-factor authentication uses two types of identification to access a service or account. Often, when logging in, you have to enter not only your username and password but also a code that’s sent to your phone.
This is an important security tool because it prevents hackers from gaining access to your private information by simply guessing your password. It also makes it harder for them to impersonate you online by making you verify every login with a second signal, such as a text message sent to your phone or an app like Google Authenticator.
Setting Up 2FA
Setting up 2FA for your business is relatively easy. It involves:
- Downloading a 2FA application like Duo Mobile, Authy, Google Authenticator, or another of your choice.
- Using a QR code to link the 2FA to your account.
- Creating a backup code or recovery key and storing it in a safe location.
- Setting up the 2FA application on your phone, laptop, or other device.
From now on, you’ll enter a second password whenever you log in. The first password is your account password, and the second is the code generated by your 2FA application. That will prevent hackers from accessing your account even if they have your password.
Even that’s not a complete solution, though.
A Word About Text Message 2FA
When you enable text message 2FA, you’re sending a code that anyone who has access to your phone could intercept. A hacker can hack your phone or SIM card, call up your carrier, and say they lost their password, then get back into your account. You’re better off using a dedicated app like Authy or Google Authenticator to generate codes — these apps run in the background and don’t store any sensitive information on your device.
SIM swapping may seem like an unlikely occurrence, but it’s a very common way to gain access to your accounts. The bigger a target your company is, the more likely someone is to try and hack you. If you’re an executive at a major company, then you’re likely being targeted by hackers every day. If your phone gets stolen, they might get access to your corporate accounts in short order — which is why it’s so important to use 2FA that doesn’t rely on text messaging.
4. Password Security
You should use a combination of upper- and lower-case letters, numbers, and symbols. The more complex your password is, the harder it will be for someone else to guess it. Don’t use passwords that anyone who researches you can easily find out. For example, don’t use your name, the name of a family member or pet, or your birthday. You should also avoid using common words found in the dictionary.
The danger to your passwords does not, strictly speaking, come from someone just randomly guessing your password (although that does happen). Hackers today can use advanced brute force attacks that comb through huge databases of stolen information and try your username and password on dozens or hundreds of sites. They can also use botnets — networks of compromised computers — to send millions of requests to a site in order to determine if a particular combination is valid.
A “dictionary attack,” for example, will quite literally run through all the words in a dictionary, as well as their common variations, to try and find a password. This is more effective than you might think: Even if your username is not in the dictionary, a hacker might be able to guess it based on its components — for example, using “john” as the first half of a username and combining it with “smith” as the last half.
Remember, if it never worked, hackers wouldn’t do it. These methods are proven to work and can be very lucrative for the hacker.
Never reuse passwords in multiple areas.
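A defender's view of the dictionary attack described above, as an added example that is not part of the original article: a check that rejects passwords which reduce to dictionary words or researchable personal details once common variations are undone, plus a generator that only returns passwords passing that check. The wordlist, personal details and the 12-character minimum are constructed assumptions.

```python
import re
import secrets
import string

# Constructed sample data: a tiny wordlist plus details an attacker could research.
WORDLIST = {"password", "dragon", "sunshine", "welcome", "monkey"}
PERSONAL = {"john", "smith", "rex", "1985"}
TOKENS = sorted(WORDLIST | PERSONAL, key=len, reverse=True)
LEET = str.maketrans("0134578@$!", "oleastbasi")  # common character swaps
MIN_LENGTH = 12  # assumed policy value, not taken from the article

def _strip(s):
    """Drop digits and symbols tacked onto either end, e.g. 'password123!'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", s)

def forms(pw):
    """Candidate base words after undoing case, affixes and character swaps."""
    low = pw.lower()
    return {_strip(low), _strip(low).translate(LEET), _strip(low.translate(LEET))}

def weakness(pw):
    """Return the reason a password is guessable, or None if no rule matched."""
    for form in forms(pw):
        residue = form
        for token in TOKENS:
            residue = residue.replace(token, "")
        if len(residue) <= 2:  # almost nothing left besides known tokens
            return "reduces to dictionary words or personal details"
    if len(pw) < MIN_LENGTH:
        return f"shorter than {MIN_LENGTH} characters"
    return None

def generate(length=20):
    """Random password from the OS CSPRNG containing all four character classes."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = "".join(classes)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(set(pw) & set(c) for c in classes) and weakness(pw) is None:
            return pw

if __name__ == "__main__":
    for candidate in ("P@ssw0rd1", "JohnSmith1985!", generate()):
        print(candidate, "->", weakness(candidate))
```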
Long Complicated Passwords
Your passwords should ideally be quite long and complicated. The longer, the better. Of course, the problem is that both you and your employees will inevitably struggle to remember the password, so make sure you have a good system in place for archiving and recollection.
It’s a good idea to write your passwords down on physical paper, but bear in mind this does create another attack vector if someone finds the paper. If you’re worried about that, consider saving your passwords to a USB stick that you can then lock away in a safe.
There are also other, more efficient solutions available on the market.
5. Password Managers
Password managers, such as KeePass, LastPass, and 1Password, are software applications that keep track of all your passwords for you. They store them in an encrypted format on your computer or mobile device so only you can see them. For businesses, this can be an invaluable tool that ensures security and compliance with data protection legislation.
Password managers can be used to store passwords for all sorts of different accounts, including email, social media, and work accounts. You can choose the one that works best for you and then use it to generate and store passwords in an encrypted format. This means that, if you lose your device or someone gets access to it, they won’t be able to see your passwords. The only way they can get at them is by using the master password that unlocks the app itself.
There are many advantages of password managers:
- They include auto-fill password fields that work on all devices — speeding up login and access.
- They store all your passwords in one place — so they’re easy to access and manage.
- Password generators create strong, unique passwords for every account.
- You only need to remember one master password.
- They auto-lock after a period of inactivity, so you don’t have to worry about leaving your device unattended.
- They come with backup and restore capabilities, so you don’t lose any data if something goes wrong.
As you can see, this dramatically reduces the number of passwords you have to remember while also making your accounts much more secure. Password managers can also help you generate strong passwords, which can be difficult for some people.
6. Social Engineering Attacks
The final and most nuanced security vector to consider is social engineering. This attack type involves tricking people into giving up sensitive information or performing an action they wouldn’t otherwise do, such as installing malware on their systems. By doing so, hackers can easily gain access to your business data and networks.
Social engineering attacks are typically executed through email or phone calls, but also through text messages and other direct messaging platforms. Hackers will impersonate someone you trust, such as a customer service representative from your bank or even a friend or family member, in order to gain access to your personal information and steal from you.
How Do Social Engineering Attacks Work?
Social engineering attacks are often effective because they prey on people’s natural desire to help. They effectively play a psychological game on the victim, and this is why they’re so dangerous. The hacker will typically begin with a phone call or email that claims to be from a legitimate organization, such as a bank or government agency.
Their goals are varied. Some of them might try to take remote control of one of your business computers, install malware, and thereby steal passwords or other sensitive information, whereas others are simply looking for personal information that they can use to steal your identity. Some phishing links seek to install ransomware that will encrypt your files and hold them hostage until you pay a fee. This is a common tactic used by hackers who are looking to extort money from their victims.
Educating Staff Against Social Engineering Attacks
In the case of a social engineering attack, hackers target the mind, not a computer. Their aim is to get you, or an employee, to just tell them the password or give them enough information to guess what it might be. Educating yourself and your employees about phishing scams and other social engineering attacks, though, can help you avoid falling victim to them.
Make sure you know many of the common psychological appeals that hackers use to trick people into giving up their passwords or other sensitive information. Don’t just assume that “It couldn’t happen to me” — hackers prey upon people who assume that. A social engineering attack is an effective and viable way to gain access to someone’s passwords, so be on your guard, and don’t make it easy for hackers to get what they want.
Business Cybersecurity Is In Your Hands
These simple tips, coupled with regular review and updates, should help you in your quest to keep your business passwords safe online. On the other hand, failure to take the proper precautions when maintaining your business security could be detrimental to the health of your business.
Instead of becoming a statistic, why not make use of the resources available and always keep your business passwords and security safe? Resourcing Edge has worked with many security and technology companies in the past to help protect their clients from cybercrime attacks. They offer expert advice on how to set up good password practices for employees, and they offer tips on how to reduce the risk of a breach occurring.
Visit them today to sign up and access valuable resources that will help keep your business safe from cybercrime.
- Password Security: How to Keep Your Business Safe - September 29, 2022