As a small business owner, you have enough on your plate without having to worry about the security of your online accounts. But with data breaches becoming more and more common, it’s important to make sure that you are doing everything you can to protect yourself and your business online, and that starts with your passwords.
Cybersecurity is one of my passions. I am well versed in protecting ourselves and our clients and in how to stay safe online. I have soooooo much to say about password protection, but I will try to keep this brief and explain why you should follow these best practices. This blog does not even begin to touch on how to stay safe online, but it is a very good beginning as I know a lot of you are doing things in the Don’t section.
How Do Passwords Get Compromised?
One way hackers compromise users’ personal information is by hacking a site with extensive databases filled with people’s personal info (this has actually happened many times). They then upload these to the internet, sometimes for free. With a well-crafted Google search, you’ll find many of these lists. Once a hacker gets their hands on such information, they can not only access your account freely, but they could potentially make thousands more accounts using your information.
To help protect yourself from these leaks, it is crucial to use multi-factor authentication any time a website offers it. Because there is an additional authentication step involved, the hackers will not be able to log in using just your leaked password. The more popular options are a code that is sent to you via SMS or email, and a one-time password that is generated by a third-party app called an authenticator.
I also highly recommend visiting a website called https://haveibeenpwned.com/ often to check if your online accounts have been hacked.
Another way passwords can be compromised is through what is called social engineering. This is when hackers reach out to you directly through your phone, email, social accounts, etc. and trick you into giving them your password or giving them direct access to your account. These people prey on your vulnerabilities and oftentimes they are very good at it.
The best advice I can give is do not take anyone’s word that they are who they say they are. If someone calls you regarding anything related to your personal information, simply tell them you will call them back at the business number listed online. Do not call the number they give you. Hang up, look up the business online and call that number. You are not being rude and if they pressure you or threaten you, I guarantee they are not legitimate. The more pressure someone puts on you, the more you should slow down and think about what they are trying to get you to do. Again, a simple Google search of the phone number or whatever phrase they are using is a good starting point to check if it’s a scam. Remember, you can always hang up and do some research before handing over any information.
Do not under any circumstances click on any link in emails. I recently received 2 emails from a friend. The subject line was something like “I think you will enjoy seeing these pictures of us”. I deleted the email without even opening it. Email addresses can not only be hacked, they can be spoofed. This means they are constructed to look like a legitimate email address and are often just one character off in the hopes that you won’t notice. If something similar happens to you, call that friend first and make sure the email came from them. Same thing goes for official-looking emails from banks, credit cards, IRS, etc. If you come across anything obviously phishy, click on the spam button to teach the email servers which email addresses are spammers. That not only helps you, but it also helps millions of others.
How Do Hackers Crack Passwords?
Hackers use a variety of methods to crack passwords. What’s more important is how easily they can crack one. Take a look at the table below from Hive Systems to see just how quickly passwords of different strengths and complexities can be hacked. Keep in mind this information is based on a generic home computer. These times are reduced drastically with a higher-end processor.
There is no foolproof method to protect all of your passwords, but there are many things you can do to help protect your personal information.
Here Are Some Password Do’s
Do take a look at this list to see if your passwords are on it: https://nordpass.com/most-common-passwords-list/
If they are, change them immediately. Right now a 10-year-old is sitting at their computer and using this list to see if they can get lucky. When they finish with the list they are going to search your social media accounts to see what your pet’s and children’s names are and then try combinations of those.
Do use a random password generator. Chances are good that if you come up with a password in your head, it can be cracked easily. There are free password generators online. These are going to be complex, secure passwords that need to be stored somewhere.
Do use some sort of password manager. There are many to choose from online. Password managers encrypt your passwords before they even leave your device. They then require a master password and two-factor authentication to access and decrypt. If the site gets hacked, the hacker can only see the encrypted form of your passwords. The encryption methods used today ensure your passwords won’t be cracked in this lifetime. Password managers can be used on multiple devices, they generate the random passwords for you and they also search the dark web to see if any of your passwords have been compromised.
Here Are a Few Don’ts
Don’t use the same password for more than one account. If someone gets access to one of your accounts, they now have access to potentially all of your accounts that use that same password.
Don’t write your passwords down on paper or keep them in a note on your phone. Hackers hang out in public places all the time and shoulder surf. Along with this, don’t use public Wi-Fi to sign into your accounts, especially any financial accounts.
Don’t use your pet’s or children’s names or birthdays in your passwords or PINs.
Don’t change just one digit when it’s time to change your password at work.
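The Don’ts above can be checked mechanically. The following added example (not part of the original post) flags reused passwords, passwords on a common-password list, passwords built from personal details, and a new password that differs from the old one by a single character. The function names, finding labels and all sample data are constructed for illustration.

```python
from collections import defaultdict

def one_edit_apart(a, b):
    """True if b is a with exactly one character substituted, inserted or deleted."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]   # substitution at position i
    return a[i:] == b[i + 1:]           # one extra character in the longer string

def audit(accounts, personal_terms, common_passwords, previous=None):
    """accounts maps account name to password; returns {account: sorted findings}."""
    previous = previous or {}
    by_password = defaultdict(list)
    for name, pw in accounts.items():
        by_password[pw].append(name)
    findings = defaultdict(set)
    for name, pw in accounts.items():
        low = pw.lower()
        if len(by_password[pw]) > 1:
            findings[name].add("reused")            # same password on several accounts
        if low in common_passwords:
            findings[name].add("common")            # appears on a most-common list
        if any(term.lower() in low for term in personal_terms):
            findings[name].add("personal-info")     # pet or child name, birthday
        old = previous.get(name)
        if old is not None and (old == pw or one_edit_apart(old, pw)):
            findings[name].add("minimal-change")    # only one character changed
    return {name: sorted(found) for name, found in findings.items()}

# Constructed sample data, not real credentials.
SAMPLE_ACCOUNTS = {"bank": "Rex2015!", "email": "Rex2015!", "shop": "qwerty",
                   "work": "Autumn2022#", "vault": "t9$Lw!qZ0m#Kp4Xe"}
SAMPLE_PERSONAL = ["rex", "2015"]
SAMPLE_COMMON = {"qwerty", "123456", "password"}
SAMPLE_PREVIOUS = {"work": "Autumn2021#"}

if __name__ == "__main__":
    report = audit(SAMPLE_ACCOUNTS, SAMPLE_PERSONAL, SAMPLE_COMMON, SAMPLE_PREVIOUS)
    for account, found in report.items():
        print(account, found)
```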
By implementing these simple password practices, you can help keep you and your business safe from data breaches in 2022 and beyond. Keep in mind that hackers are always coming up with new ways to access accounts, so it’s important to stay up-to-date on the latest security measures. Stay safe out there!