
Aura Information Security’s password tips for World Password Day

03 May 2018

What’s in a password? A lot, actually. Your passwords are the gateway to your own and your company’s most important documents and assets, so they should be considered carefully. However, despite being the access point to crucial and sensitive data, the importance of password security is often overlooked.

This year’s annual World Password Day falls today, Thursday 3rd May 2018, and marks an opportunity for Kiwi individuals and businesses to assess their password security. World Password Day is a global initiative to raise awareness around password security, and ultimately make the internet a more secure place.

Peter Bailey, general manager of specialist cybersecurity consultancy, Aura Information Security, shares his tips on how to maximise your business’ (or your own!) password security this World Password Day:

Choose a strong password

You might feel tempted to finish the admin of setting up new services and accounts quickly, but choosing a strong password is one of the most important steps in the process. Don’t rush into choosing any old password, as it’s likely to end up being weak (and possibly difficult to remember).

What actually makes a strong password? In the past, it was thought that a combination of capital and lowercase letters and numbers made for a hard-to-crack password. But in late 2017 it was revealed that this actually isn’t the case. Instead, you should choose a phrase or string of words that’s easy for you to remember, but difficult for hackers to guess. It could be your favourite song title or lyrics, or your favourite food.

Once you’ve chosen your password, don’t reuse it

Another easy trap to fall into is that once you’ve chosen that strong password, you start to reuse it elsewhere. We’re only human, so remembering multiple different passwords for different accounts can be tricky.

But, if a hacker does manage to access your business or personal password, and it’s the same across all of your accounts, this will give them access to everything.

Likewise, if employees share passwords between their personal and work accounts, this increases the chances that your business could be compromised.

With multiple passwords, you greatly minimise your risk. Encourage your employees to have different passwords for use on their personal devices and work devices, so that if an account is breached because of questionable security practice at home, it doesn’t affect your whole business.

There’s an easier way to remember all those different passwords

One way to combat the issue of remembering multiple different passwords is to use a good password manager. Basically, a password manager is a vault that is protected by a master password and keeps all your passwords in one place. A password manager requires you to set a strong master password.

We encourage you to use a ‘passphrase’ – or sequence of four or five words – as your master password. It’s length rather than complexity that makes a good password, so choose long words that aren’t predictable. Luckily, your master password will be the last password you have to remember, as most password managers include password generators to create strong passwords for you automatically.
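
To put numbers on "length rather than complexity", the following added example (not part of the original article or Aura's material) compares the entropy of a short mixed-character password with a four- or five-word passphrase. It assumes the words are drawn uniformly at random from a 7,776-word list, an assumed size; the embedded word list is a constructed sample.

```python
import math
import secrets

# Constructed sample list, for illustration only. A real generator should draw
# from a large published list; 7,776 words is an assumed size (Diceware-style).
SAMPLE_WORDS = [
    "harbour", "lantern", "orchard", "pebble", "quiver", "saddle", "thimble",
    "umbrella", "velvet", "walnut", "yonder", "zephyr", "anchor", "biscuit",
    "cobweb", "dolphin",
]
ASSUMED_LIST_SIZE = 7776


def entropy_bits(choices: int, length: int) -> float:
    """Bits of entropy when `length` symbols are each picked uniformly at random."""
    if choices < 2 or length < 1:
        raise ValueError("need at least 2 choices and 1 symbol")
    return length * math.log2(choices)


def words_needed(list_size: int, target_bits: float) -> int:
    """Smallest number of random words whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(words, count: int, sep: str = "-") -> str:
    """Pick `count` words with a CSPRNG (secrets), not the `random` module."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return sep.join(secrets.choice(words) for _ in range(count))


if __name__ == "__main__":
    short_complex = entropy_bits(62, 8)   # 8 random chars from a-z, A-Z, 0-9
    print(f"8 random mixed-case/digit chars: {short_complex:.1f} bits")
    for n in (4, 5):
        print(f"{n} random words: {entropy_bits(ASSUMED_LIST_SIZE, n):.1f} bits")
    print("words to match the 8-char password:",
          words_needed(ASSUMED_LIST_SIZE, short_complex))
    print("sample (tiny list, demo only):", generate_passphrase(SAMPLE_WORDS, 5))
```

These figures hold only for random selection; words a person picks themselves are more predictable than the calculation suggests.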

There are lots of options available, ranging from online solutions such as 1Password, to more technical solutions such as KeePass. Most offerings provide mobile apps as well, so you can manage your passwords on your iOS and Android devices too.

Don’t be tricked into disclosing your credentials

It may seem to go without saying – you would never willingly share your password with a cyber hacker – but cyber criminals are constantly becoming smarter and thinking of new ways to make you part with this information before you even realise you’ve done it. Social engineering is a key example of a trick that has been used for years, but that continues to be effective even though we’re aware it can happen.

Common ways that hackers utilise social engineering include convincing or tricking people into clicking on infected links, or paying an invoice that looks like it has come from a legitimate source. With that said, one of Aura’s biggest pieces of advice is that good security for businesses starts with staff education and effective security policies – and that includes never revealing your passwords to anyone, or including passwords in documentation (emails, work instructions, application user guides, etc.).

Educate your employees and foster a cyber-aware culture

Most security breaches can be attributed to pure human error. We’re not perfect and employees can’t be expected to be experts on cyber security, but ensuring that the basics are covered is a great start.

Teach your staff how to create strong passwords and encourage them to use different ones across different platforms, as well as between work and personal devices. Fostering a culture of cyber security awareness, supplemented by regular training and education, is hugely important. If you don’t have a dedicated cyber specialist to lead these sessions, there are quality online tools available.
