The Easiest Way to Protect Against Cybercrime: 5 Ways to Strengthen and Protect Your Passwords
Cybercrime is a top concern for businesses today. Damages related to cybercrime are projected at $6 TRILLION globally by the end of 2021. If you’re not a huge company, you might think cybercrime is less of a threat, but consider this:
Of the 29.6% of companies that are projected to experience a data breach in the next two years, nearly half (44%) are expected to be small businesses. Further, the impact is disproportionately larger for smaller businesses at an average cost of $8,100 per incident and with an average downtime cost of $283,000.
While you might think that your business can’t afford the sophisticated cybersecurity systems and processes available today, the best line of defense is something any business of any size can address: password health.
Passwords are commonly compromised. In fact, compromised passwords cause over 80 percent of all data breaches (and if you’re a retailer, consider that 90 percent of all login attempts on retail sites are NOT shoppers logging into their accounts). While no amount of hardware or software can fix poor or mismanaged passwords, there are things you can do to strengthen those you depend upon to protect your company, employees, and customers. Here are a few tips you can put into action right away:
#1: Make passwords long, complex, and unique. The best way to minimize the risk of cybercrime is to have long, complex, unique, and well-managed passwords. Meeting an app’s minimum password requirements is not enough. Today, an eight-character password is considered weak; the recommendation is at least twelve characters, with a mix of capitals, numbers, and symbols. If the app or tool you’re protecting does not allow for 12 characters, make your password as long as is allowed. Also note that replacing letters with digits or symbols (d1git5 & $ymb0ls) does little to make your password more secure, as it is a well-known technique among hackers and is addressed by most hacking tools.
#2: Use a password generator. Instead of asking people to try to come up with a strong password, you can use a password manager that has a password generator. Those passwords are virtually impossible to crack.
#3: Use a passphrase. If you are unable to use a password manager, use a passphrase, which is simply a longer password. It can even be a sentence with spaces and punctuation. The benefit of passphrases is that typically they are easier to remember but more difficult to crack due to their length. Consider these two passwords: “ArcherPointIsSafe” and “ArcherPoint Is Safe!”. It would take a modern computer approximately 19 days to crack the first password and more than 1,500 YEARS to crack the second because the time increases exponentially with each additional character…a big deterrent to cybercrime.
#4: Use multi-factor authentication. You’re probably seeing this more and more lately. Multi-factor authentication (MFA) is an electronic authentication method that requires two or more pieces of evidence (factors), typically something only the user knows, has, or is. For example, access to a tool might require a password like you would typically see, plus a code sent via text to the user’s cell phone or generated through an authenticator app. This approach simply adds another layer to the authentication process that would be very difficult for a hacker to guess.
#5: Use a password manager. Keeping track of longer, more complicated passwords can feel inconvenient, but the benefits far outweigh any inconvenience when it comes to preventing cybercrime. Password managers remove any inconvenience without compromising security. In an ideal world, you only remember two passwords: one for your password manager and the other for your computer (if you don’t have advanced security features such as Face ID or Windows Hello). A password manager also makes keeping unique logins simple, reducing the impact if you are compromised.
#6: Check your accounts regularly. It’s important to watch your accounts to make sure they have not been compromised. If you do find out you have a compromised account, immediately change that password there and anywhere else it was used. However, you might not even be aware of your information being stolen and sold on the dark web, as companies are not required to contact individuals. haveibeenpwned.com is a fantastic website that has been gathering databases of compromised accounts since 2017, which allows you to search to see if your email(s) or password(s) are part of the more than 613 million real-world records. You can also sign up to be alerted when a future data breach occurs and your account is compromised.
#7: Do NOT use the same password or passphrase in multiple places. A common misconception in the fight against cybercrime is that using the same password or passphrase in multiple places is OK if the password is long and complex. The problem is that you don’t control how a company stores your personal information. If a breach occurs and your data is stolen, you can be a victim of a credential stuffing attack on other websites and platforms.
#8: DO NOT save your password in a browser, Excel spreadsheet, or text editor. If you save passwords in a browser, the only thing someone needs is access to your computer (remote or physical). As for Excel, a Thycotic blog post about “password spreadsheets” said it best: “Excel was never intended to be a password manager, so there’s no chance it’s ever going to be the best way to store passwords. Strong mathematical functionality does not equate to strong security. It bears repeating: In the enterprise cyber security world, there is no such thing as an Excel password manager.” If you store your passwords in a text editor or in an online email, anyone who can make a backup of your hard drive can get to that information. Even copying and pasting from one place to the other leaves a trail.
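The password search mentioned in tip #6 can be done without sending the password itself: the Pwned Passwords range API takes only the first five hex characters of the password's SHA-1 hash and returns matching suffixes with counts, which are then compared locally. The following is an added example, not code from the original article; the breached passwords, their counts, and the offline `fake_fetch_range` stand-in for the HTTPS request are constructed for illustration.

```python
import hashlib
from typing import Callable, Dict, List, Tuple

def split_sha1(password: str) -> Tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' response lines, skipping blank or malformed ones."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """How many times the password appears in the breach data (0 = not found)."""
    prefix, suffix = split_sha1(password)
    # Only `prefix` is handed to the fetcher; the suffix is matched locally.
    return parse_range(fetch_range(prefix)).get(suffix, 0)

# Constructed breach data for the offline demo (passwords and counts are made up).
CONSTRUCTED_BREACHED = {"password123": 4821, "Summer2021!": 37}
SENT_PREFIXES: List[str] = []  # records everything that would leave the machine

def fake_fetch_range(prefix: str) -> str:
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>."""
    SENT_PREFIXES.append(prefix)
    lines = ["0" * 35 + ":0"]  # constructed filler entry with a zero count
    for pw, seen in CONSTRUCTED_BREACHED.items():
        pw_prefix, pw_suffix = split_sha1(pw)
        if pw_prefix == prefix:
            lines.append(f"{pw_suffix}:{seen}")
    return "\r\n".join(lines)

def audit(passwords: List[str]) -> Dict[str, int]:
    """Map each candidate password to its breach count."""
    return {pw: breach_count(pw, fake_fetch_range) for pw in passwords}

if __name__ == "__main__":
    for pw, seen in audit(["password123", "ArcherPoint Is Safe!"]).items():
        verdict = f"found {seen} times, do not use" if seen else "not in sample data"
        print(f"{pw!r}: {verdict}")
    print("prefixes sent:", SENT_PREFIXES)
```

To query the live service, replace `fake_fetch_range` with a function that performs the HTTPS GET and returns the response body as text.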
The Cyber Crime Fight Starts with Passwords
It is critical to use every resource possible to protect your business against cybercrime. For more tips, read our blog, 5 Ways to Protect Your Business from Cyber Attacks. If cybersecurity is overwhelming or seems too expensive, talk to the experts at ArcherPoint. We’ll help you with a strategy that fits your needs and budget.
To learn more about how you can protect your business from cybercrime, watch our webinar, Demystifying Cybersecurity. In just 30 minutes, you’ll learn how you can start protecting your organization now and what to consider in your cybersecurity strategy, including endpoint management, password health, managed detection/response, backups, disaster recovery, and user education.