The 6th May marks World Password Day and it is a good reminder for all businesses to consider how secure their accounts are. Account compromise is a common cyber-attack that allows cybercriminals to exploit data and launch further attacks. Over-used and weak passwords are still a common mistake when it comes to business security. So if this is happening in your business, it’s time to build your cyber resilience through better password practices. Starting from today! 

Creating Strong Passwords

Passwords should contain a mixture of random upper & lower case letters, numbers, and symbols. Remember that for many accounts, the space bar is an optional character also and can be used to strengthen passwords. The longer the password the more secure it is. Try to keep passwords to 8 (at least) or more characters.  

Each account should have a unique strong password. This is where password managers become an essential tool for your business security. It would be impossible for your workforce to remember strong passwords for every business account you own. A password manager allows staff members to quickly generate strong passwords and save them safely. All the staff members need to do is create one unique strong password for their password manager account. 

Change Default Passwords

Whenever you have a new device such a a router or laptop, ensure that the default password is changed straight away. Default passwords are widely available on the internet and so leave your devices exposed to an attack. 

Turn on Two-Factor Authentication

Turning on two-factor or multi-factor authentication provides extra layers of protection on your accounts by creating an extra step in the login process. This can be a code sent via txt or using an application like Google Authenticator. This means if your account details are exposed then the cybercriminal will be stopped in their tracks when trying to login. Two-factor or multi-factor authentication should be turned on as many accounts as possible, including your password manager accounts.  

Account Access

Do you have the right policies and processes in place to ensure your staff only have access to the accounts they need? Many businesses make the mistake of overly sharing credentials with team members that do not need access to the accounts. This leaves data vulnerable to human error or malicious acts from disgruntled employees. Ensure that accounts access is regularly audited. Password managers are a great way of understanding what accounts each member of staff has access to also. 

Dark Web Monitoring 

Dark web monitoring is a service that checks if your business credentials have been exposed on the dark web. If any have been identified, businesses will be alerted so you can protect those accounts. Stolen credentials are sold on the dark web to other cybercriminals looking to compromise important data.  
 
We understand that cyber security can feel very complex and confusing for small to medium businesses and it is not always clear where best to invest your time and resources to build your resilience. Book a time to chat or contact us here. Our IT Specialists can walk you through options that are suitable for your business. We don’t believe cyber security should be a one-size-fits-all approach, we will take the time to get to know your business so we can give you the best advice and guidance.