'World Password Day' flooded businesses with password advice - that fell on deaf ears!

With each weekday bringing another new ‘World Day for xxxx’ on social media, businesses can’t help but become a tad cynical.

May 3rd was officially World Password Day – a rather odd thing to celebrate, but nonetheless social media was flooded with advice for businesses on what to do, most of which probably got overlooked by the very businesses that nonetheless hit like and share!

If the advice struck a chord and you thought ‘I’ll check that later’ – it may be worth checking your passwords sooner rather than later.  A report from the British Chamber of Commerce found one in five UK businesses have been hacked.

Hacking attacks are increasing at a phenomenal rate, so having a secure password has never been more important – but most businesses read the advice without putting it into practice.

As a UK leading provider of IT support, ITCS are often shocked at the lack of importance businesses and individuals place on data security, with many businesses thinking ‘it can’t happen to me’.

How easy is it to crack a password?

For your office colleagues, guessing your password may be hard. However for a potential hacker, who will have access to software that will test your site with the annoying frequency of a woodpecker tapping on a window, simple passwords like ‘password’, ‘1234567’, ‘letmein’ and other short, common defaults take seconds to crack.

There is, unfortunately, no foolproof system to make your system 100% secure, proven by the fact that systems like the NHS, top banks and the Pentagon have fallen victim to attacks. However, there is much that individuals and businesses can do to create multiple layers of security that deter all but the most determined attacker – and your password is your first line of defence.

Nobody would want to hack me!

CyberCrime is on the increase, and you don’t have to be someone ‘important’ to be hacked – even a hack to your personal social media account can be devastating.

Often these days, our first contact with a new customer is when they need advice following a hack. Almost all of them ask ‘why would they target me? I’m only a……. (local business/driving instructor/dog walker/local pub etc.)’

The simple answer is, it’s not personal. Much like a car thief will walk around a car park, looking for the cars left unlocked, or a pickpocket looking for someone’s wallet sticking out of their back pocket, hackers use automated tools to scan systems and websites, looking for a vulnerability. There are even websites on the dark web offering free lessons on how to hack. Many overseas hackers deliberately target UK businesses, but good practice will prevent you being a victim.

UK Manufacturers ‘biggest target’ for Chinese hackers

Business owners wrongly assume that hackers only target banks, security services and big payment providers – of course, they do, but their security systems present far more of a challenge, whereas everyday websites and ecommerce systems are a much softer target for overseas attackers.  New research from NTT shows that UK manufacturing businesses are the UK’s most targeted businesses – representing almost half of all UK cyber attacks, with 89% of these hacks coming from China.

 

Passwords can add a layer of security – or leave the door wide open!

We know you probably heard it all last week, but you heard it for a reason – so if you read without acting, take time to act now.

Having a weak password is like leaving the key in the lock – having a strong password adds another layer of security and will usually see a casual hacker move on to find an easier target.

For this reason, at ITCS, we strongly recommend the use of complex passwords, and we advise individuals using your company system to have their own usernames and passwords. That way, it’s easy to keep track of who does what, and also to keep data secure when someone leaves the company. Our IT security specialist, Wayne Harris, advises taking the following steps when creating passwords:

• Make passwords longer – While most password systems allow you to have 8 characters, we would recommend using a minimum of 9 or 10 characters – and your passwords should be changed regularly (we recommend doing this monthly).

• No Names Rule – Passwords should NEVER contain names or usernames, and should also follow the standard ‘complexity rules’. Also, avoid using your kids/dogs/partner names, just far too easy for a hacker to guess, especially as much of this personal information can be found on your facebook page.

• Password Complexity Rules – Strong passwords normally incorporate 3 out of the 5 characteristics:

 Uppercase characters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)
 Lowercase characters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)
 Base 10 digits (0 through 9)
 Nonalphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;”‘<>,.?/
 Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages.

Guard your password like your PIN

It goes without saying that writing down passwords or sharing them with others is an insecure practice. Guard your passwords like you guard the PIN to your credit card!

There is of course far more to data security than passwords alone – but they are a crucial first line of defence. Why not take 5 minutes and review whether your passwords are secure?

If you have any questions or concerns around computer security, please don’t hesitate to contact ITCS on 08456 444 200, we are always happy to help.