What’s in a password? A lot, actually. Your passwords are the gateway to you and your company’s most important documents and assets, so they should be considered carefully. However, despite being the access point to crucial and sensitive data, the importance of password security is often overlooked.
This year’s annual World Password Day falls today, Thursday 3rd May 2018, and marks an opportunity for Kiwi individuals and businesses to assess their password security. World Password Day is a global initiative to raise awareness around password security, and ultimately make the internet a more secure place.
Peter Bailey, general manager of specialist cybersecurity consultancy, Aura Information Security, shares his tips on how to maximise your business’ (or your own!) password security this World Password Day:
Choose a strong password
You might feel tempted to finish the admin of setting up new services and accounts quickly, but choosing a strong password is one of the most important steps in the process. Don’t rush into choosing any old password, as it’s likely to end up being weak (and possibly difficult to remember).
What actually makes a strong password? In the past, it was thought that a combination of capital and lowercase letters and numbers made for a hard to crack password. But in late 2017 it was revealed that this actually isn’t the case. Instead, you should choose a phrase or string of words that’s easy to remember for you, but difficult to guess for hackers. It could be your favourite song title or lyrics, or your favourite food.
Once you’ve chosen your password, don’t reuse it
Another easy trap to fall into is that once you’ve chosen that strong password, you start to reuse it elsewhere. We’re only human, so remembering multiple different passwords for different accounts can be tricky.
But, if a hacker does manage to access your business or personal password, and it’s the same across all of your accounts, this will give them access to everything.
Likewise, if employees share passwords between their personal and work accounts, this increases the chances that your business could be compromised.
With multiple passwords, you greatly minimise your risk. Encourage your employees to have different passwords for use on their personal devices and work devices, so that if questionable security practice at home is breached, it doesn’t affect your whole business.
There’s an easier way to remember all those different passwords
One way to combat the issue of remembering multiple different passwords is to use a good password manager. Basically, a password manager is a vault that is protected by a master password and keeps all your passwords in one place. A password manager requires you to set a strong master password.
We encourage you to use a ‘passphrase’ – or sequence of four or five words – as your master password. It’s length rather than complexity that makes a good password, so choose long words that aren’t predictable. Luckily, your master password will be the last password you have to remember, as most password managers include password generators to create strong passwords for you automatically.
There are lots of options available, ranging from online solutions such as 1Password, to more technical solutions such as KeePass. Most offerings provide mobile apps as well, so you can manage your passwords on your iOS and Android devices too.
Don’t be tricked into disclosing your credentials
It may seem to go without saying – you would never willingly share your password with a cyber hacker - but cyber criminals are constantly becoming smarter and thinking of new ways to make you part with this information before you even realise you’ve done it. Social engineering is a key example of a trick that has been used for years, but that continues to be effective even though we’re aware it can happen.
Common ways that hackers utilise social engineering include convincing or tricking people into clicking on infected links, or paying an invoice that looks like it has come from a legitimate source. With that said, one of Aura’s biggest pieces of advice is that good security for businesses starts with staff education and effective security policies – and that includes never revealing your passwords to anyone, or including passwords in documentation (emails, work instructions, application user guide etc.).
Educate your employees and foster a cyber-aware culture
Most security breaches can be attributed to pure human error. We’re not perfect and employees can’t be expected to be experts on cyber security, but ensuring that the basics are covered is a great start.
Teach your staff how to create strong passwords and encourage them to use different ones across different platforms, as well as between work and personal devices. Fostering a culture of cyber security awareness, supplemented by regular training and education is hugely important. If you don’t have a dedicated cyber specialist to lead these sessions, there are quality online tools available.