There’s a long list of recent data breaches, many of them at large businesses. If it can happen to companies with major resources, it can happen to you!
Let’s start by looking at the factors that can lead to accounts being hacked. We’ve placed them in order of importance.
- Reusing passwords. 90% of issues occur because one site gets hacked and the stolen credentials (usernames, passwords, security questions) are uploaded to “blackhat” databases. Bots then try those credentials on every popular site and financial institution, a technique known as credential stuffing. Security questions don't always protect you, because they are stolen and reused just like passwords. Remember, hacking today isn't one person trying to log into individual sites. Attackers use automated systems to test thousands of sites with millions of combinations of stolen IDs and passwords, and there are many databases on the darknet where that stolen information can be bought.
- Using easy-to-remember passwords. Trying to remember credentials leads to reusing them, which causes the problems described in item #1. An average person can only remember 6 to 7 passwords but has, on average, around 90 online accounts. You can't fit 90 into memory, so you naturally reuse your passwords.
- General carelessness about online security. It’s easy to think that nothing will happen to you as long as it’s not a financial website or app. But what happens when a hacker “borrows” money from your friends through your Facebook account, or uses the text messages on the unlocked phone you lost to reset your passwords at financial institutions?
- Phishing. In many cases, people hand their password to hackers who send official-looking emails. For example, a hacker crafts an email that looks like it came from PayPal saying you have been sent money. Many people are tricked into entering their credentials on the linked page without taking a close look at the email and its URL.
- Passwords that haven't changed for years. Sometimes companies don't know they have been hacked, so a password stolen years ago may still be circulating. Changing passwords regularly limits how long a stolen one stays useful. The traditional industry standard is 90 days, but even if you change your passwords a little less regularly, you are ahead of the game! Note that current NIST guidance (SP 800-63B) puts more weight on changing a password immediately when there is any sign it was exposed, for example when it turns up in a published breach, than on a fixed calendar; whatever schedule you follow, change any password you know or suspect has leaked right away.
- Password complexity. Passwords that are not sufficiently complex are easier to guess or crack. A good password nowadays is at least 8 characters with numbers and symbols, and longer is better; it can be human friendly, just not obvious. Length matters more than symbols: a 24-character phrase like "No-need-2-overcomplicate" works, and it is far harder to crack than an 8-character jumble of punctuation.
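As an added example (not code from the original post), here is a small Python script that puts items #1 and #6 into practice. It checks a candidate password for length, a common-password denylist, a rough entropy estimate, and whether it appears in breach data, using the k-anonymity scheme of the Have I Been Pwned “Pwned Passwords” range API, where only the first five characters of the password’s SHA-1 hash leave your machine and the server answers with every hash suffix sharing that prefix. The breach table, the denylist, the 12-character minimum and the 60-bit entropy floor are constructed assumptions for this example; in production `fetch_range` would make a real HTTP request.

```python
"""Password hygiene checks: length-first policy plus a breach-corpus lookup.

Added example for this post; it is not code from the original page.
The breach lookup follows the k-anonymity scheme used by the Have I Been
Pwned "range" API: only the first 5 hex characters of the password's SHA-1
hash leave the client, and the server returns every hash suffix sharing
that prefix. Here the server response is a CONSTRUCTED in-memory table so
the script runs offline; swap fetch_range for a real HTTP call to
https://api.pwnedpasswords.com/range/<prefix> in production.
"""
import hashlib
import math

# Tiny constructed denylist standing in for a real "most common passwords" list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "p@ssw0rd"}

MIN_LENGTH = 12        # assumption for this example: stricter than the post's 8-character floor
MIN_ENTROPY_BITS = 60  # assumption for this example


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password (the hash format the range API uses)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def _constructed_range_table() -> dict:
    """Constructed breach data: prefix -> ['SUFFIX:COUNT', ...], same shape as a range-API response.
    The counts are made up for the example."""
    table = {}
    for pw, count in (("password", 3861493), ("P@ssw0rd", 8312)):
        h = sha1_hex(pw)
        table.setdefault(h[:5], []).append(f"{h[5:]}:{count}")
    return table


RANGE_TABLE = _constructed_range_table()


def fetch_range(prefix: str) -> list:
    """Stand-in for GET /range/<prefix>; returns 'SUFFIX:COUNT' lines for that 5-char prefix."""
    return RANGE_TABLE.get(prefix, [])


def breach_count(password: str) -> int:
    """How many times the password appeared in the breach corpus (0 = not found).
    Only the 5-character hash prefix is ever sent; the suffix match happens locally."""
    h = sha1_hex(password)
    prefix, suffix = h[:5], h[5:]
    for line in fetch_range(prefix):
        found_suffix, count = line.split(":")
        if found_suffix == suffix:
            return int(count)
    return 0


def estimate_entropy_bits(password: str) -> float:
    """Crude entropy estimate: length * log2(size of the character classes used).
    It deliberately shows that adding length beats adding symbols."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(not c.isalnum() for c in password):
        pool += 33  # printable ASCII punctuation
    return len(password) * math.log2(pool) if pool else 0.0


def check_password(password: str) -> list:
    """Return a list of policy failures; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password denylist")
    seen = breach_count(password)
    if seen:
        problems.append(f"seen {seen} times in breach data")
    if estimate_entropy_bits(password) < MIN_ENTROPY_BITS:
        problems.append(f"estimated entropy below {MIN_ENTROPY_BITS} bits")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "No-need-2-overcomplicate"):
        print(candidate, "->", check_password(candidate) or "OK")
```

`check_password("No-need-2-overcomplicate")` returns an empty list, while `check_password("P@ssw0rd")` reports four problems: too short, on the denylist, present in the constructed breach table, and below the entropy floor despite its symbols. The plain password is never stored or transmitted; only a five-character hash prefix would leave the client in a real lookup.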
Now that you know the common factors that can lead to stolen passwords and hacked accounts, here are some suggestions for protecting your passwords:
- Use MFA (Multi-Factor Authentication), also called 2-Factor Authentication, whenever possible. When you log in, you are asked for a verification code in addition to your password, either sent to your phone by text message or generated by an authenticator app on it. Prefer the app (or a hardware security key) where the service offers one, because text messages can be intercepted or redirected through SIM-swap fraud. You can mark a browser as “trusted” in some cases for a little added convenience.
- Lock all your phones and computers with a strong passcode or biometric, and encrypt the storage on your devices, including phones and external hard drives.
- Don't open “phishy” emails or messages, and don't enter your credentials into a website hosted on a domain you don't recognize. Always look at the “from” email address and the domain in the link before you click.
- Use a password manager. With a password manager you only need to remember one password, and the manager remembers everything else for you. Some password managers can also rotate passwords automatically on popular services. An additional benefit to your organization is that password managers let you manage employee access to your business accounts. Every year we help customers with multiple instances of lost logins and passwords that were not stored properly. While we can usually help, it’s not always possible, and these days having a secure repository for your business and artist passwords is a MUST!
- If former employees stored passwords locally or had admin access to accounts, change those passwords (and start managing passwords with a password manager).
It’s never been more critical to secure your business and personal accounts. If you need any additional information or have questions, please give us a call!