Just what is it that liverpool, everton, manutd & chelsea have in common with superman, password and jessica?
Well, along with an honourable mention for the humble post-it note stuck to the monitor, they’re at the top of the list of 100,000 most commonly breached passwords published by the UK’s National Cyber Security Centre.
And yes, as well as those common names, 123456 appeared in the list over 23 million times!
So what is it about passwords, and just why do we find it so annoying to use them correctly? After all, you wouldn’t make a copy of your house key and slip it into every passer-by’s pocket, would you? And yet, that’s what millions of us are unwittingly doing by using easy-to-guess passwords. Because, let’s face it – there are a lot of bad people out there who would just love to snoop around your data.
It could cost your business dear. It could empty your personal bank account. It could get you very unwelcome attention from your industry regulators and it could ultimately put you out of business!
If you’re on the road to Cyber Essentials certification then you should know that you’ll need to have users logging into systems with unique passwords, that passwords should be strong enough to withstand casual probing, and that you must not rely on the default passwords configured by manufacturers.
If you don’t know why default passwords are a bad idea then please book a no-obligation call with us. We hate to see the hackers win, so we’ll happily give you some starting advice entirely free of charge on the call!
We’ll talk about passwords all day if you let us but for now, just take a look at our top tips to help keep you safe & secure.
- Keep it Unique. Please don’t re-use passwords, that just makes it easier for the bad guys. If your credentials get leaked by say, an online shop, the first thing the cyber-criminals do is try that username/password combo in as many places as possible on the chance that it’ll work. So don’t make it easy for them.
- But we know it’s not easy remembering passwords. So use a Password Manager to generate strong passwords and do the hard work for you. You’ll need to remember just one really, really strong password for the Manager, of course, but that’s far better than using variations on an easily guessable theme for all your logins.
- If nothing else, make your email password stronger than your run-of-the-mill logons. We’d love it if you made everything nice & secure, but if you’re not up for that, then at least take special care with your email account logins, because these are the ones the hackers just love to get their hands on. If they can access your email, they can trigger password resets at other services and intercept the reset emails. Before you know it, they’ve got access to every aspect of your business, professional & personal life. That can take some serious untangling, worse still if they go down the Identity Theft route.
- Set up 2FA (two-factor) or multi-factor authentication for important (often financial!) systems. That way, if one set of credentials is compromised, the hackers still don’t have the full set required to gain access.
- Don’t be predictable with your choice of passwords. Just look at those common examples we started out with! Look up the NCSC’s Three Random Words guidance.
- Please don’t write it down. We’ve lost count of how many times we’ve seen notes on office desks containing the password for the most critical of business systems. Not all visitors are honest, sadly the same applies to staff! If you do want to keep a written record of essential passwords then do make sure it’s in secure storage under lock & key.
- No need to change. There’s no need to confuse staff with regular password changes & enforced resets. It doesn’t really bring much real-world benefit. Just change a password immediately if you suspect a system’s been compromised.
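As an added illustration (not code from the original post or from the NCSC), here is the kind of check a sign-up form can run so that anything on the NCSC breached-password list, or a trivial variant of it such as a name with a digit bolted on, is rejected before it ever becomes a login. The eight-entry list is a constructed stand-in for the real 100,000-line file, and the eight-character minimum and function names are assumptions of this example.

```python
"""Screen a candidate password against a breached-password denylist plus a
minimum length, the way a Cyber Essentials-minded sign-up form might."""
import unicodedata

# Constructed stand-in for the NCSC list (the real file is one password per
# line; load that text here instead).
NCSC_SAMPLE = """\
123456
password
liverpool
everton
manutd
chelsea
superman
jessica
"""

MIN_LENGTH = 8  # assumption: this form's own minimum, not an NCSC figure


def load_denylist(text: str) -> frozenset[str]:
    """Normalise the list once so that lookups are case-insensitive."""
    return frozenset(line.strip().casefold()
                     for line in text.splitlines() if line.strip())


def candidates(password: str):
    """Variants a casual guesser also tries: the password itself, the version
    with trailing digits/symbols stripped ('Chelsea1!' -> 'chelsea'), and the
    letters on their own."""
    base = unicodedata.normalize("NFKC", password).casefold()
    yield base
    yield base.rstrip("0123456789!@#$%^&*.-_")
    yield "".join(ch for ch in base if ch.isalpha())


def check_password(password: str, denylist: frozenset[str]) -> tuple[bool, str]:
    """Return (ok, reason); the reason is wording the form can show the user."""
    if len(password) < MIN_LENGTH:
        return False, f"shorter than {MIN_LENGTH} characters"
    for variant in candidates(password):
        if variant in denylist:
            return False, f"matches breached password '{variant}'"
    return True, "ok"


DENYLIST = load_denylist(NCSC_SAMPLE)
```

Three random words such as `tree-kettle-orbit` pass, while `Liverpool1` and `Password2024` are caught even though neither appears verbatim in the list.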
Good password-sense, good policies, aware staff and a combination of authentication methods including biometrics will all help keep your IT safe. Passwords are an important part of the 5 key technical controls that make up the Cyber Essentials certification standard and what you’ve read here is just a starting point.
If you’d like not only to make your systems more secure against the myriad cyber threats out there but also to be able to demonstrate it when submitting tenders, then contact us or book a call below and we’ll tell you more. No obligation, so let’s chat.
Book a Call with a Cyber Essentials Assessor
Check out Rory’s availability using the calendar below. A Zoom link will be sent to you once you have confirmed your appointment. We look forward to meeting you!