Are you still using PASS123?

Protect your business from criminals by choosing strong passwords, warns IASME


How easily could a criminal guess your password?


According to IASME, just five hours for a standard office computer if you’ve used your name, date of birth or favourite band. If you’ve used something as obvious as password1 or 12345678, it could be a matter of seconds.


And should that password give a hacker access to your email account, they would be able to change the passwords on all the accounts linked to it, by clicking “forgotten your password?”


Not only could criminals access your profiles, view your data and steal your private details, but they could lock you out and demand money from your organisation to let you back in.


IASME explains, “Cyber criminals can use computers to guess people's passwords and break into their computers in what is called a brute-force attack. The computer will try every combination of letter, literally working through the dictionary till they have found the words that work. Some programs are sophisticated enough to search logical substitutions such as '4' for an 'A' , 'I' for '1' etc.”


Indeed, criminal cyber activity could remove your whole team’s access to files and databases; CRM systems or social media accounts, costing huge amounts in terms of resource, downtime and reputation.


But as IASME goes on to explain, the best way to protect yourself, your team, and your brand reputation is to create strong passwords.


IASME comments, “The National Cyber Security Centre has a great deal of useful advice about passwords. They recommend that you use three random words which you can remember but do not naturally go together. It is also a good idea to use numbers and special characters (*&%F£) in your password, as well as a combination of upper- and lower-case letters. The longer your password the better. It is recommended that you select long passwords for your admin and other crucial systems' accounts (i.e., email account, banking account). Do not share your password with anyone, this is private information.”


It is worth using a recognised and trustworthy password manager when needing complex passwords for multiple accounts, which is often the case in the business environment.


IASME further explains, “You can use a piece of software called a password manager. You may have noticed that your browser already asks you if you'd like it to create and store passwords for you. This is a browser integrated password manager and is safe to use for personal use, however there are security issues linked to this kind of password manager.


“It is recommended you use an independent, stand-alone password manager such as Last Pass or Dashlane. Do some research on third party password managers and use the one you think is the safest. It is often as simple as downloading their software from their website and signing-up with your email address. You will then only need to remember one really good complex password to the password manager itself and after that, the password manager will remember your usernames and create and remember extremely secure passwords for each of your accounts.


“It will be able to operate across multiple devices and on different browsers, it can also be asked to remember additional information such as addresses, Wi-Fi codes, credit cards, passports; all organised and encrypted. Password managers provide an option to configure multi-factor authentication to provide another layer of security.”


With all your three random word passwords saved in a trustworthy password manager, you’ll be considerably safer from being hacked by a criminal, and you can be more confident that your personal details attached to work accounts such as your date of birth, bank details and private messages will be protected from prying eyes.


Another way to help keep your logins safe is to turn on two-factor authentication.


IASME suggests, “Another great way to add a layer of security to your password is to use 2 factor authentication (2FA) or multi-factor authentication (MFA). This process is being used more and more and involves using your fingerprint, retina scan, or a code being sent to a separate device e.g., your mobile phone to further verify your identity. If you have the option for 2FA or MFA, use it where possible.”


So, in summary, here are three quick to-dos for you and your team:

1) Change your email password to three random words, and then change each of your other account passwords too.

2) Save all these new passwords in a reputable and trustworthy password manager

3) Turn on two-factor authentication in the settings of your accounts


We hope this guidance has been helpful. If you’d like to learn more, make sure you sign up to the NEBRC for FREE and we’ll send you a fortnightly update with carefully chosen how-to guides and tip-offs about scams to look out for.


IASME helps businesses to gain Cyber Essentials certification in a government approved scheme. This indicates that your company is following best practice when it comes to cyber security and can be trusted when working with others. For large contracts and public sector projects, it is often a pre-requisite for submitting a tender. You can find out more on their website: https://iasme.co.uk/cyber-essentials/