Warning

ALWAYS PRACTISE CAUTION WHEN USING YOUR PASSWORD

By attempting to enter your password, you just made the same mistake as 49% of small businesses in the UK in 2014 and 2015 [1].

But don’t worry, we don’t have your password – this was a test.

Not only could this have cost you your reputation, it could have cost you your business. The total annual cost of cyber crime against small businesses, over the same two-year period, was around £5.26 billion [2].

Read on for more information and top security tips

Passwords: bait for phishers

Did you know that weak, default and stolen passwords contributed to 63% of data breaches over the past year [3]? Setting up fake websites is one of the most common methods used by hackers to get access to people’s credentials.

Cyber criminals use a method called phishing to steal users’ passwords. This is where they prompt the user to enter their details into a fake login page for something like Facebook, or an illegal website which could look similar to this one. Phishing has increased dramatically in the past year because of its effectiveness as a hacking technique [4].

This kind of activity is potentially very dangerous for small businesses. If someone gains access to your network and sensitive data, you’re at risk of being blackmailed. Your business can also be used as an entry path into larger corporations further up the supply chain, meaning that no one is immune as a target, no matter how small their company is.

4 security tips for small businesses

Since 74% of small businesses experienced a cyber security breach last year [5], increasing your company’s safety online is likely to be top of your list of priorities if you own a small business. Creating a strong password, and asking your staff to do the same, is one of the first steps towards this. While people often assume that hackers only target larger corporations, small businesses can be attractive to cyber criminals.

For example, you may fall victim to a case of extortion hacking, where sensitive data is accessed by an outsider, who intends to blackmail you by leaking the data.

The following tips are important for all businesses to know how to protect their online identity:

1. Create a strong password... then make it stronger

There’s a lot of password advice on the web, but following the basic rules is not enough to keep us safe from hackers. The key to creating a stronger password is complexity [6]. All of your company passwords, including your staff's, should include a selection of numbers, symbols, capital and lower-case letters. You should capitalise random letters, instead of just the obvious ones (e.g. 'FAtcAt' instead of 'FatCat') and avoid using personal information such as birthdays, maiden names and pet names.

And finally, when creating a password, you should always look to use a random sequence of characters. Try creating a sentence to help you remember a series of seemingly unrelated letters, numbers and symbols. For example, 'If you Add 4 + 3 that = 7 which is a Prime Number' would equate to the password: iyA4+3t=7wiaPN [7].

2. Always use a two-step authentication login where possible

Some websites now allow you to use a two-step authentication method, which you and your staff should always make use of. This is where you'll enter a password, but also be asked to go through another step of security using something physical.

For example, they might text a code to your mobile phone, or you might have a key that can be plugged into a USB port. Asking your staff to do this as well will significantly increase the security of your business network. This is because outsiders would need access to either the text message code or the authentication device, as well as the actual password, to gain access.

3. Use a password manager

When running a small business, it's inevitable that you'll have many different accounts that require password logins. But if you're using complex passwords for each account, it might not be possible to remember more than one or two. To get around this, use a reputable password manager like 1Password.

This way you only have to remember one master password, which they'll encrypt. They then create random passwords for all of your accounts. And because they use a browser extension, you only ever need to remember your master password for all your online accounts.

4. Be aware of the pros and cons of regular password changes

In theory, regular password changes are a good idea. For example, if someone gets hold of your email password without you realising, they'd be free to log into your account over an indefinite period if your password stayed the same. But if you change it regularly, they'd be locked out sooner or later. The downside is that, because it's naturally harder to remember new, strong passwords, we might be tempted to create weaker ones that are then easy to guess.

Using a good password manager is the best way to get around this. Make sure your staff regularly change their passwords, and tell them to use a new password every time, instead of the same one with a single digit changed, for example.
