Monthly Archives: May 2024

Password Best Practices Keep Your Business Secure

According to an article in the HIPAA Journal, May 2nd was “National Password Day.” You didn’t know there was such a day? National Password Day was declared in 2013 to bring awareness of both the importance of passwords in keeping personal and company data safe, but also about  password risks and best practices to mitigate those risks. Read on to learn about the state of thinking about passwords, and how to better manage login credentials.

 

A Brief History of Passwords

 

Even with biometric methods of identification, and single sign-on technology, passwords are still relevant as the most common way to secure personal and business accounts. Passwords were first developed in the 1960s at the Massachusetts Institute of Technology (MIT) to guard accounts against unauthorized access. Incidentally, the first password breach occurred there, too.  More recently, a survey of 2400 respondents in the U.S. and other countries revealed some sobering statistics about password practices.

 

Common Password Practices

 

Using the same password for multiple accounts was a common practice, with 84% of respondents admitting to using the same password for multiple accounts. If a hacker can steal the password to just one account, they can easily gain access to others.

 

54% of respondents relied on memory for passwords, and because of this the passwords can be too short and weak.

 

36% incorporated personal information (family names or birthdays, for example) in passwords to make remembering easier. 

 

33% used only a password, rather than two- or multi-factor authentication, to access their accounts. 

 

Moreover, even when changing passwords, users didn’t change them sufficiently. Instead, they only changed a few characters, with the idea of keeping them easy to remember.  All of these practices can facilitate the theft of passwords by social engineering (email “phishing” or text-message “SMiShing”) attacks, or even brute force attacks. How can thinking on passwords be changed?

 

Best Practices for Password Management

 

First, the article suggests thinking not in terms of passwords but passphrases, multi-character combinations of upper- and lower-case letters, numbers and symbols, that are more difficult to guess. Also, the article suggests using password management systems where the list of passphrases is itself protected by a passphrase of at least fourteen characters. Companies can develop clear, enforceable policies for password management, which might then influence how workers handle passwords outside of work, too. 

 

Passwords are still necessary to secure business and personal accounts, and thus need to be unique and strong. For help developing your company’s password policy, contact your trusted technology advisor today.

Cybersecurity Challenges for Small to Medium-Sized Businesses

Cybersecurity, ever a topic for businesses of all sizes, poses special challenges for small to medium-size businesses. Not only can they be special targets for bad actors, but they also deal with tight budgets and at times a lack of understanding of what cybersecurity means. Read on to learn how a small business can meet cybersecurity challenges and build strong defenses.

 

A number of cybersecurity issues are challenging for smaller businesses, according to a CompTIA article. First, just getting started with a cybersecurity plan can seem like a huge task. And what does cybersecurity mean for your business? What mission-critical data and applications need protection? Once your company has decided on your goals, how will you reach them? 

 

Another issue is spending. Often, a small organization’s cybersecurity budget is tight, and the business cannot spend very much on an IT team, or the training to upskill current workers. How much will a third-party solution cost? These and other costs can seem daunting. 

 

Knowledge and understanding of the threat landscape is another challenge. Small or medium-size businesses might think that, being small, they are “under the radar” of cybercriminals. However, they are likely to be the victims of a cyberattack. According to the FBI, small businesses comprised the majority of victims in 2021. Even if the bad actors don’t specifically target a small company, they may use the small company to target larger businesses. Often, the criminals are looking to steal data – credit card and bank account information, customer data, even proprietary business information–from anyone they can. 

 

One of the challenges is complacency; small companies may think they don’t need to learn new skills. On the contrary, they need to adapt to an ever-changing threat landscape. Cyber attacks are becoming more frequent and more sophisticated, with  attackers banding together. Previously, hackers may have worked on their own, trying to execute brute force attacks or use bots to take down a website with a distributed denial of service (DDoS) attack.   

 

Cybersecurity Help for Small Businesses

 

So, what’s the solution? The good news is, though cybercriminals are banding together, small to medium-sized companies can do the same. Technology service providers  can help small businesses access threat intelligence and learn from organizations that have been attacked and have recovered. And with help from the Cybersecurity Infrastructure Security Agency (CISA) and its various resources, businesses can get information and start acting on that information to develop their cybersecurity plan. What’s more, a company might seek out third-party partners that can help supply the IT talent to improve their cybersecurity posture.

 

Cybersecurity, especially for smaller businesses, can seem like a huge challenge. However, help is out there. To learn more about developing a security plan, contact your trusted technology advisor today.