Research from The National Cyber Security Centre found that there are significant gaps in password protection knowledge in the UK, with only 15% of survey respondents admitting to having sufficient knowledge about how to protect themselves.
New technologies such as biometric and facial recognition have the potential to change the way we protect our digital identities, but are not yet considered mature enough to serve as a single authentication factor for critical business data. With that in mind, businesses cannot afford to let their security guard down while they wait for these new technologies to mature, potentially giving unwanted access to their vital company and customer data. Instead it’s hugely important that all businesses create alphanumeric passwords that are unique for each service, secure and give businesses as much protection as possible.
Here, Jochen Haller, Head of Information Security at 1&1 IONOS, shares his top tips to achieve a secure business password protection strategy.
No two passwords should be the same
Vary the password for each business, social media, banking or storage account. Businesses don’t often spend significant effort or time on password creation and management, falling foul of some of the most common password security mistakes. Recent research from GMX found that 64% of people use the same password for some, or even all, of their online accounts, while only 21% use a different password for each of them.
phrases and multiple factors
The 2019 GMX study also revealed that 9% of respondents had never even changed their main e-mail account password, leaving them increasingly vulnerable.
A password should be memorable but still secure. This can be achieved with passphrases, where users create longer sequences of dictionary words, featuring lowercase and uppercase letters, as well as sprinkling in some special characters. These are easier to remember than short, complex sequences and harder to break with the password crackers criminals currently use.
Another option to consider is using a password system, where one strong master passphrase is varied slightly across accounts. This helps you to remember the main elements of a password without compromising security. For example, the passphrase could be ‘ILikeBuy1ng[insert word]AllTheT!me’, with a key word inserted which you relate to that site. For example, if you regularly purchase stationery for your SME from a particular website, include that within the passphrase: ILikeBuy1ngPensAllTheT!me
Make your passwords difficult for others to guess – don’t base them on trivial passwords or on information that can be easily discovered online, for example a business street name or number. Too often passwords lack inspiration and the key to a strong password is creativity. The National Cyber Security Centre’s review of the top 100,000 passwords to be unlocked by online fraudsters found that 23.2 million people used the trivial ‘123456’ as their password, gifting hackers easy access.
randomly generated passwords and a password manager
The best passwords are randomly generated with no relation to the owner. Use a local password manager such as KeePassX, or a cloud service such as LastPass, Dashlane or Avast, to generate unique passwords for you.
Creating passwords that successfully tick all of these boxes can feel daunting, especially with the number of online services businesses need to use; one in three respondents (30%) of the GMX survey stated they used 10 or more services with e-mail and password login, which can make remembering passwords a headache. However, there are tools that can support this.
Implementing password managers, where you can store passwords in an encrypted form and access them by a master password is a simple way to strengthen business security. Depending on the chosen tool, these can also sometimes generate passwords, removing the need for the user to create and remember their own.
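As an added illustration (not part of the original article, and not the code of any tool named above), this Python sketch shows random generation of the kind described here: one independent password per account, drawn from the operating system's secure random source, plus a rough strength estimate in bits. The function names, the symbol set and the short word list are assumptions made for the example.

```python
import math
import secrets
import string

# Constructed sample list; a real passphrase list holds thousands of words.
WORDS = ["anchor", "bramble", "copper", "dapple", "ember", "fathom", "glacier",
         "harbor", "ivory", "juniper", "kettle", "lantern", "meadow", "nectar",
         "orchard", "pebble"]
# Letters, digits and 12 symbols: 74 possible characters per position.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"

def random_password(length=20):
    """Random password that contains all four character classes."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw

def random_passphrase(n_words=6, words=WORDS, sep="-"):
    """Passphrase of independently chosen words (words may repeat)."""
    return sep.join(secrets.choice(words) for _ in range(n_words))

def entropy_bits(choices, picks):
    """Upper bound on strength: picks * log2(choices) for uniform picks."""
    return picks * math.log2(choices)

def passwords_for(services, length=20):
    """One independent password per service, so no two accounts share one."""
    vault = {}
    for service in services:
        pw = random_password(length)
        while pw in vault.values():  # practically never true; enforced anyway
            pw = random_password(length)
        vault[service] = pw
    return vault

if __name__ == "__main__":
    for service, pw in passwords_for(["email", "banking", "storage"]).items():
        print(f"{service:8s} {pw}")
    print(random_passphrase())
    print(f"20 random characters: up to {entropy_bits(len(ALPHABET), 20):.0f} bits")
    print(f"6 words of {len(WORDS)}: {entropy_bits(len(WORDS), 6):.0f} bits")
```

With the 16-word sample list a six-word passphrase reaches only 24 bits; the same six words drawn from a 7,776-word list give about 77 bits, which is why the size of the word list matters as much as the number of words.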
In addition, an effective approach is to set up two-factor authentication to add another security layer. Here, the user provides two different authentication factors to verify their identity and better protect both the user’s credentials and the resources being accessed. Usually this includes a password and a second factor such as a security token or a biometric element (facial scan or fingerprint).
Re-evaluating your current password strategy and regularly updating to new stronger passwords helps to implement a proactive approach to password security. Passwords should be flexible and unique to each account and avoid predictability, and implementing this strategy will be beneficial in keeping your business protected. While criminals are constantly uncovering new ways to access sensitive data, this can help keep your business safe, an important priority for any SME.
For more information on how to protect your business online visit: https://www.ionos.co.uk/digitalguide/server/security/password-security/