#2) Using the Same Passwords
Weak or reused passwords are behind more data breaches than any other single cause. The damage is greatest on the admin side, where one administrator account may have access to every company record.
The days of creating "easy to remember" passwords should be over. In reality, though, it is human nature to take shortcuts, and when it comes to passwords "the easy way" can seriously put a company at risk.
If employees have not been educated on password security, the company is at risk of a data breach. Reuse is the quiet part of the problem: when one password is used for several accounts, a breach at any one site hands an attacker a working login for all of the others. All companies, large and small, should have guidelines and standard operating procedures around the use and reuse of passwords.
Password Security 101
- Did you know… in just 10 minutes, a hacker can crack a 6-character password made up only of lowercase letters?
- Did you know… if you make that password just two characters longer and mix in a few uppercase letters at random positions, it would take a hacker three YEARS to crack it?
- Did you know… you can create a password that would take more than 44,500 years to crack simply by making it 11 characters long and including both symbols and letters? (All such figures assume a fixed guessing speed. How fast an attacker can actually guess depends on how the password is stored: a fast, unsalted hash lets modern GPU rigs test billions of candidates per second, while a slow, salted password hash keeps guessing expensive. Length and character variety are what you control; the rest is up to the systems holding your password.)
- TIP: How secure is my password? Get a general idea of how secure your password might be with Roboform's password security tester. (To be on the safe side, note that the site analyzes passwords by their mix of letters, numbers and symbols, so you do NOT need to enter your real password. For example, if your password is ABc45*, enter CDz64# and the site will give you an idea of how safe that combination is.)
- Encourage the use of password managers such as LastPass, Roboform or KeePass to generate a random password for each new account and keep track of them, so employees don't have to.
- For critical resources, passwords should be changed on a schedule (every 90-180 days) and immediately whenever compromise is suspected, with the same length and complexity rules applied to every new password the user generates.
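The "time to crack" figures above all come from one calculation: an attacker who knows which character classes a password uses has to search alphabet_size ** length candidates, and the time is that keyspace divided by the guess rate. The following Python estimator is an added example, not code from the article or from any of the tools it mentions. It derives the guess rate implied by the article's first figure (26^6 candidates in 10 minutes), shows that the "three years" claim follows from it, and then recomputes the same passwords under two assumed, illustrative rates for a slow key-derivation function and for a fast unsalted hash on GPUs; those two rates are placeholders, not measured benchmarks, and the sample passwords are constructed.

```python
"""Brute-force cost estimator: keyspace = alphabet ** length, time = keyspace / rate."""
import string

# Character classes the estimator recognises and their sizes:
# 26 lowercase, 26 uppercase, 10 digits, 32 printable ASCII symbols.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}
ALLOWED = set().union(*CLASSES.values())

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Guess rate implied by the article's own figure: a 6-character lowercase
# password (26**6 candidates) cracked in 10 minutes.
ARTICLE_RATE = 26 ** 6 / 600

# Guesses per second under three scenarios. Only the first is derived from the
# article; the other two are ASSUMED round numbers for illustration, standing in
# for a slow password hash and for a fast unsalted hash on GPU hardware.
RATES = {
    "article": ARTICLE_RATE,
    "slow_kdf_1e5": 1e5,
    "fast_hash_1e10": 1e10,
}


def alphabet_size(password: str) -> int:
    """Alphabet an attacker must search if they know which character classes
    the password draws on (the assumption behind every 'time to crack' table)."""
    if not password or any(c not in ALLOWED for c in password):
        raise ValueError("only non-empty printable ASCII without spaces is modelled")
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def keyspace(length: int, alphabet: int) -> int:
    """Number of candidate passwords of exactly this length over this alphabet."""
    return alphabet ** length


def crack_years(length: int, alphabet: int, rate: float) -> float:
    """Worst-case years to exhaust the keyspace at `rate` guesses per second."""
    return keyspace(length, alphabet) / rate / SECONDS_PER_YEAR


def implied_rate(length: int, alphabet: int, seconds: float) -> float:
    """Guess rate (per second) that a published 'cracked in X seconds' figure implies."""
    return keyspace(length, alphabet) / seconds


def estimate(password: str, rates: dict = RATES) -> dict:
    """Worst-case crack time in years for `password` under each guess rate."""
    alphabet = alphabet_size(password)
    return {label: crack_years(len(password), alphabet, rate)
            for label, rate in rates.items()}


if __name__ == "__main__":
    # Constructed samples mirroring the article's three cases: 6 lowercase,
    # 8 mixed-case letters, 11 letters plus symbols.
    for pw in ["abcdef", "aBcdEfgh", "aB$cdEf!gHi"]:
        years = estimate(pw)
        print(f"{pw:12} alphabet={alphabet_size(pw):3} "
              + "  ".join(f"{k}={v:.3g}y" for k, v in years.items()))
```

Running it reproduces the article's first two figures (the lowercase password falls in 10 minutes, the 8-character mixed-case one in about 3.3 years at the same rate) and makes the caveat concrete: under the assumed fast-hash rate the 8-character password lasts well under a day, while the 11-character letters-and-symbols password still holds for thousands of years. The practical lesson is the one the list gives: length and variety buy far more than any other property, and only a slow password hash on the server side keeps the guess rate low.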
#3) Failure to Plan for the Unexpected
We’ve discussed the importance of disaster recovery for businesses at length on our website. By going through a proper disaster recovery exercise, you can be certain:
- The RIGHT data is backed up.
- You know how to USE that data in the event of a disaster.
Many people make the mistake of assuming data backup, disaster recovery and business continuity are one and the same, but they are in fact very different: a backup is a copy of your data, disaster recovery is the tested procedure for getting systems and data back into service, and business continuity is the plan for keeping the business operating while that recovery happens.
#4) Thinking Your Business Size Makes You Immune
"We're a small business. We're not likely a target for hackers." Do you believe this common misconception? Don't assume a data breach won't happen to you. Some companies, SMBs in particular, believe they are immune to IP theft or cybercrime because they feel only large organizations like Sony will be targeted.
But according to Symantec, 31% of targeted attacks focus on businesses with fewer than 250 employees. Familiarize yourself with the fundamentals of cyber security as a first step toward strengthening your network.
#5) A “Set It and Forget It” Mentality
IT hardware and software requires routine maintenance and adjustments. Think of your IT infrastructure as you would your car. If you don’t put oil in your car, the engine won’t operate as it should.
Both software and hardware need ongoing care to ensure peak performance. With software in particular, it is important to install security patches as soon as they are available. Once a vendor ends support for a system, as Microsoft did for the Windows XP operating system, newly discovered security holes are never fixed, and unsupported systems are exactly what hackers target.
Attackers also work backwards from patches: by comparing the patched and unpatched versions they can locate the hole that was fixed, so working exploits often appear within hours of a patch's release and are used against anyone who has not yet applied it. Install security patches as soon as possible. Unpatched computers pose a huge risk to the company network by providing an open window for hackers and malware authors to exploit.