From the Desk of Tim Verrill, Sr., Systems Engineer
For small businesses, the importance of having robust passwords is extremely important. Not only do business owners need to ensure their mission-critical data is safe in order to minimize company downtime, they also need to be doing everything they can to protect their clients’ personal information, which may be stored on the company’s system, whether it is on a local server, laptop or cloud service. Small businesses often find themselves in the hackers’ crosshairs, due to the fact they typically don’t have the resources to support a dedicated IT security team. Cybercriminals are well aware of this – in 2019, 43 percent of data breaches involved small business, according to figures from Verizon.
Too often, when a password is shared with our support personnel, it is weak and/or easily guessable by hackers. Examples of weak passwords can be a user’s name, the season, names of children, a phone number or contains the business name in it. Weak passwords always play a major role in any hack. They can be guessed or an attacker can use brute force if the length of the password is short. Brute Force is an automated process, not necessarily by a hacker actively trying to access your systems.
Many passwords are used with more than one account. If an online account is compromised by a breach, hackers attempt to use the credentials with other services. Most know what they ought to be doing: for each site you visit, you should be choosing a different, complex sequence of letters, numbers and symbols. Do you? Do your employees? Do you have a password policy? How do you know it is being adhered to? Business Leaders should know the answers to these questions.
So, what can a business owner or leader do to protect their assets and client information? Start with a password audit by Eagle Network Solutions. It will show the strengths and weaknesses of your password policies and where you can make improvements.
Ask us for a sample “Password Policy” your organization could implement and place in your associate handbook.
Also consider our Dark Web Monitoring Service. Over 150 million users had their passwords hacked last year. We partnered with an industry leading 3rd party for use of their program which scans the Internet for stolen password data posted by hackers. We let you know if we spot any of your companies e-mail addresses in a security breach. We would also be notified as soon as your credentials are posted on the dark web to buy you time to change your password before it’s used to try to gain unauthorized access.