04/05/17 | Press Release
May 4th marks World Password Day, a global initiative to raise awareness around password security.
Passwords are the gateway to companies’ private materials, but the importance of password security is often overlooked – which can lead to increased cyber security risk for businesses.
Here are five top tips on how to maximise your business’ password security from Peter Bailey, general manager of specialist cybersecurity consultancy, Aura Information Security:
1. Use a password manager
A good password manager, which is essentially a vault that stores all your passwords in one place and is protected by a master password, will help to make the task of setting strong, different passwords for multiple accounts far easier. These password managers rely on you setting a very strong master password, so Aura recommends using a “passphrase” as this master password – that is, a sequence of four or five words. These days, it’s length, not complexity, that makes a good password, so try to choose longer words that aren’t predictable or easy to guess. Fortunately, it will be the last password you have to remember, as most password managers include password generators to create strong (long and complex) passwords for you, so you’ll never have to look at or type in another password again. There are lots of options out there, ranging from online solutions such as 1Password or LastPass, to the more technical solutions such as KeePass. Most solutions provide mobile apps as well, so you can manage your passwords on your iOS or Android devices too.
2. Use two-factor authentication where it is available
Where two-factor authentication is offered (even Facebook offers it these days), make use of it. Two-factor authentication combines username and password (factor one) with a second level of verification, like a TXT code to your mobile or a 2FA code generator such as Google Authenticator (factor two).
3. Don’t reuse passwords
If a hacker does manage to access your business password, having the same password for everything could spell disaster. The same goes for employee passwords: sharing passwords between their personal and business accounts increases the chances that the password could be compromised. It’s best practice to have multiple passwords, to minimise the potential impact on your business should one password be discovered.
4. Never disclose or share your credentials
Cyber criminals are getting more and more sophisticated, but in our experience the same types of tricks that have been used for years by hackers are still the most effective – and that is social engineering. In other words, tricking an employee into clicking on an infected link, revealing a user name and password or paying an invoice that looks like it has come from a legitimate source. Perhaps our biggest piece of advice is that good security starts with staff education and effective security policies – and that includes never revealing your passwords to anyone, or including passwords in documentation (emails, work instructions, application user guides, etc.).
5. Ensure your employees understand cyber security
Most security breaches can be attributed to employee error…or ignorance. Employees who use weak passwords or use the same password across personal and work accounts can prove to be the weak spot that hackers use to penetrate your business. To ensure your business fosters a culture of cybersecurity awareness, regular training and education are key. If you don’t have a CISO to help lead the charge, there are some great online tools and employee checklists available from sites such as ConnectSmart.govt.nz and cert.govt.nz. Aura also recently launched its e-learning tool, which is designed to provide businesses with the ability to train and educate staff whilst also identifying areas for improvement.