Many small businesses are concerned about suffering a hacking attack but aren’t confident their systems are secure enough to withstand one, revealed a recent survey we conducted of SMEs on cyber risks. There are many different IT security programmes that firms can buy, but SMEs can also protect themselves by taking a few commonsense precautions. One of the simplest is to beef up the security of passwords.
LinkedIn’s recent hacker attack, in which 6 million members’ email addresses and passwords were stolen, is the latest in a string of high-profile corporate data breaches. But it seems that we still haven’t learned the lesson to make our passwords harder to crack. An analysis of the most common passwords stolen by hackers from LinkedIn and posted on the net revealed that “link” was top, followed by “1234”, with “work” and “job” in the top 10 also.
It’s one thing to use a simple, easily remembered password to get into your account on one website. But it’s very dangerous to use the same password across a number of different online accounts, because if hackers get hold of your email address and password from one site they will try it on others. It may not be long before they get hold of your payment card data by trawling across the net. Also, if you use the same password on your work computer it can be relatively simple for a hacker to take control of your business computer system.
Many companies use what is known as “salting software” to make passwords harder to crack in case of a hacker attack. But if you don’t have that yet, you can consider what other steps may help.
For example you can:
• Strengthen your passwords by adding random letters or digits at the front of them. So “password” becomes “4password”, for example. This is effectively what salting software does, so by doing this you’re helping to self-salt your firm’s passwords, if you like.
• Tell everyone in your company to use a combination of letters and numbers in their passwords. A person’s name and date of birth is a common, and so relatively easy password to work out. One containing random characters is almost impossible to crack, but it’s hard to remember too, so a good solution is to use the first letters and numbers of a phrase. For example, using the memorable phrase “My son Peter is 7 years old”, your password is “mspi7yo”.
• Make sure everyone in your business updates their password at least every few months. Disgruntled former employees have been known to steal sensitive data and vital intellectual property, but you can reduce this risk if everyone changes their passwords regularly. So if someone does leave your firm under a cloud they won’t be able to use a former workmate’s password to hack into your system.
Every business, large or small, should evaluate their IT risks. There are different cyber insurance covers available to help protect against the financial and legal costs of an attack, providing a financial lifeline if forced to temporarily shut down.