In order to protect your data and accounts, you must think like the enemy…

We’ve said it a million times before and we will say it again: hacking is on the increase. And it’s getting scary.
These attacks will cost us all money in the long run. McKinsey & Company estimates that cyber attacks will slow the pace of technology and business innovation over the next few years and cost the economy as much as $3 trillion annually.

So, doing your part to try to take down the cyber criminals should be a priority for all of us in business and in our personal lives. To do that, however, we have to get into the mind of a hacker. We need to be able to analyze and then recognize the security gaps they’re looking for.
One of the most important steps to take is using a strong password. Changing it often, and creating passwords that are strong and effective, is going to save your business. Also, general security measures that should be taken are sometimes in the back of our minds. Cyber criminals know we have all picked up some bad security habits over the years. Here’s what to avoid…

1. The “short & simple” password

They’re easier to remember, perhaps, but in terms of data security, a short and simple password is also far easier to hack with what are called brute-force attacks. This is when all possible keys or passwords are tried until the correct one is found. Choose passwords with more than eight characters and add “special characters” (such as capital letters, symbols, etc.). Or better yet, use a truly random password.

2. The “swipe my finger across my keyboard” password

A recent investigation of 15 million accounts by hosting platform WP Engine revealed an odd habit. While many people had seemingly random passwords (such as “qaz2ws” or “asdfghjk”), they’d chosen them by typing simple patterns on their keyboards. But beware: password crackers such as Passpat use keyboard layouts and clever algorithms to measure the likelihood that a password is made from a keyboard pattern.

3. The “just take a look at my social media” password

Being sentimental old fools, we’re very likely to create passwords from details of our own lives – such as our birthdates, pets, mother’s maiden name, favorite football team and so on. However, this leaves us vulnerable to what’s called social engineering, because many of these details are also available on social media (e.g. Facebook). This makes it simple for hackers to sift through these biographical clues and work out the ‘base phrase’ that you’ve based your password on – and then gain access via what is called a dictionary attack. Only random words – or, better still, randomly generated alphanumeric sequences – are truly safe enough.

4. The “numbers as letters” password

Many of us attempt to build entropy by choosing a simple phrase – and then complicating it by using a combination of upper and lower case letters or using numb3r5 f0r l3tt3r5. But analysts found that even supposedly sophisticated passwords were built on obvious base phrases such as “password” or “qwerty”. Which is all hackers need. Purpose-built password-breaking software is capable of taking 300,000 guesses at your password a second, by taking common base phrases like these and trying obvious variations and permutations.
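The habits in items 2 and 4 can be caught when a password is chosen. The check below is an added example, not part of the original article; the key-run list, the short constructed word list and the 0.5 threshold are assumptions made for illustration.

```python
import re

# Rows of a QWERTY keyboard plus its left-hand diagonals (assumed layout).
KEY_RUNS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
            "1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm"]
ALL_RUNS = KEY_RUNS + [r[::-1] for r in KEY_RUNS]  # walks in either direction

# Constructed sample list; a real check would load a large common-password list.
COMMON_BASES = {"password", "qwerty", "letmein", "welcome", "admin"}

# Undo the usual "numbers as letters" substitutions.
LEET = str.maketrans("013457@$", "oleastas")

def base_phrase(pw):
    """Lower-case, drop digits/symbols padded on either end, undo substitutions."""
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", pw.lower())
    return core.translate(LEET)

def keyboard_walk_fraction(pw):
    """Share of the password covered by runs of 3 or more adjacent keys."""
    s = pw.lower()
    covered, i = 0, 0
    while i < len(s):
        best = 0
        for n in range(len(s) - i, 2, -1):  # longest chunk first, minimum 3 keys
            if any(s[i:i + n] in run for run in ALL_RUNS):
                best = n
                break
        covered += best
        i += best or 1
    return covered / len(s) if s else 0.0

def check_password(pw):
    """Return the reasons to reject pw; an empty list means no pattern was found."""
    reasons = []
    if len(pw) <= 8:  # the article asks for more than eight characters
        reasons.append("too short")
    if base_phrase(pw) in COMMON_BASES:
        reasons.append("common base phrase")
    if keyboard_walk_fraction(pw) >= 0.5:
        reasons.append("keyboard pattern")
    return reasons

if __name__ == "__main__":
    for sample in ["qaz2ws", "asdfghjk", "P@ssw0rd!2024", "T7#mQv9!xLp2"]:
        print(sample, check_password(sample))
```

An empty result only means none of these three habits was detected; it does not show that the password is random.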

5. The “I like to work in coffee shops” technique

Jumping on the free Wi-Fi connection at your local coffee shop, at the airport or even in your building seems innocuous – but it can leave you vulnerable to a method of hacking known as a man-in-the-middle attack. In simple terms, this is a situation where a malicious eavesdropper (the “man in the middle”) is able to read (or write) data that is being transmitted between you and the website you’re browsing. This means your data, emails and keystrokes could be intercepted without you knowing. Eliminate the risk of this by avoiding Wi-Fi connections that aren’t yours and deleting these networks from your devices – but also make sure your Wi-Fi connection is secured with a unique, private password.

6. The “I don’t use that email anymore” excuse

It’s understandable that many of your login details will still be stored on your main email account in the form of the signup emails you were sent when you joined. But what happens if that email is compromised? For the hacker, your email is a goldmine. It’s important to delete old accounts you no longer use. Services like Unroll.me will quickly identify unwanted subscriptions and unsubscribe you from dormant accounts.
