
Michael McKinnon

‘Criminals are looking for the easiest payoff’: Six quick fixes to boost your cybersecurity

Passwords aren’t new. For as long as we’ve tried to share secrets or keep intruders out, we’ve been using codes to ensure only the ‘right’ people can access our precious information. But the world is becoming far more complex, with most businesses having to manage staff access to dozens of apps, services and websites secured by passwords.
Every successful cyber attack starts by accessing a computer that the criminal should not be able to log in to. Cyber-attackers rely on stealing or cracking passwords in order to break into business systems, bank accounts and online services. From there, it’s relatively easy to steal data which can be used nefariously or, more simply, to extract ransom money. Here are six key tips for businesses struggling to manage their password security. 

1. Encourage staff to use complex passwords

The simple rule for passwords is ‘longer is stronger’. Instead of using a word, encourage your employees to use a phrase. ‘JackAndJillWentUpTheHill’ is more difficult for a password cracker than ‘JackJillHill’. But an even harder password to crack is ‘KHLGSDJyjw49560[98s*&_()*{w’. This is because many password crackers use a dictionary to try passwords. By avoiding actual words, your business can make their task significantly harder. Provide guidance to employees on how they can apply the strongest defence. 

2. Never reuse passwords

As a rule, criminals are usually looking for the easiest payoff. Like the thief that sees a phone on a car seat and can quickly smash a window and make a run for it, cyber criminals are looking for quick ‘wins’. Criminals share stolen passwords. If you use the same password across multiple services and it’s stolen in one attack, all your user accounts are at risk. Use a different password for every user account so the fallout of one attack is limited.

3. Use a password manager

Applying the first two tips is hard — unless you use a password manager. This is a program that securely stores all the business’ passwords and enters them automatically when a program or website asks for them. Most password managers have a password generator built into them, which can help your team generate long, complex passwords and ‘outsource’ remembering them to the password manager.
There are many password manager apps on the market to choose from. Apple has its own called Keychain Access and Google has a password manager built into the Chrome browser. Others such as 1Password, LastPass and Dashlane are also popular. Be sure to choose one from a reputable company that you’ve heard of.
Your password manager will rely on management knowing one password — the master password to its password vault. You can write this down and safely store it, but not on a sticky note on your screen or under your keyboard. 

4. It’s not all up to users

Successful password management is a team effort. As well as supporting users with the tools to help them create and save strong passwords, monitoring systems that detect signs of intrusion are a must-have for businesses. These systems detect when passwords are being used in unexpected ways — such as team members based in Brisbane who work from 9am to 5pm suddenly logging in from Ukraine at 3am.
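
The kind of check described above, as an added example that is not part of the original article: it learns each user's usual login countries and hours from past successful sign-ins, then flags new sign-ins that fall outside them. The log format, the user names, the UTC+10 office timezone and the one-hour slack are assumptions, the records are constructed sample data, and working hours are assumed not to cross midnight in office time.

```python
from datetime import datetime, timedelta, timezone

OFFICE_TZ = timezone(timedelta(hours=10))  # assumption: Brisbane office, UTC+10, no DST
# Constructed sample records: "<UTC timestamp> <user> <source country> <result>"
HISTORY = """\
2024-03-03T23:02:11+00:00 alice AU success
2024-03-04T06:55:09+00:00 alice AU success
2024-03-05T01:15:00+00:00 bob AU success
2024-03-05T05:30:44+00:00 bob AU success
"""
NEW = """\
2024-03-06T00:20:05+00:00 alice AU success
2024-03-06T17:03:27+00:00 alice UA success
2024-03-06T12:45:00+00:00 bob AU success
2024-03-06T02:00:00+00:00 carol AU success
"""

def parse(text):
    """Yield (office-local time, user, country, result) per record."""
    for line in text.splitlines():
        ts, user, country, result = line.split()
        yield datetime.fromisoformat(ts).astimezone(OFFICE_TZ), user, country, result

def build_baseline(text):
    """Per user: countries seen and earliest/latest local hour of successful logins."""
    base = {}
    for when, user, country, result in parse(text):
        if result != "success":
            continue  # failed attempts must not widen the baseline
        b = base.setdefault(user, {"countries": set(), "lo": when.hour, "hi": when.hour})
        b["countries"].add(country)
        b["lo"], b["hi"] = min(b["lo"], when.hour), max(b["hi"], when.hour)
    return base

def detect(baseline, text, slack=1):
    """Return (user, local timestamp, reasons) for logins that break the baseline."""
    alerts = []
    for when, user, country, result in parse(text):
        b, reasons = baseline.get(user), []
        if b is None:
            reasons.append("no baseline for user")
        else:
            if country not in b["countries"]:
                reasons.append(f"new country {country}")
            if not b["lo"] - slack <= when.hour <= b["hi"] + slack:
                reasons.append(f"unusual hour {when.hour:02d}:00")
        if reasons:
            alerts.append((user, when.isoformat(timespec="minutes"), reasons))
    return alerts
```

Calling `detect(build_baseline(HISTORY), NEW)` returns three alerts: alice's sign-in from UA at 03:03 office time (new country and unusual hour), bob's 22:45 sign-in (unusual hour only), and carol, who has no history to compare against.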

Many password manager tools can separate business and personal identities so that if someone leaves the business they can take their own personal passwords with them.
