I was a teenager working a part-time job when my new boss gave me a brief tour of the facility, culminating in the security door at the back of the building. The code, he strictly instructed me, must be memorized because we don’t want thieves getting inside. That code? 5-4-3-2-1.
While you may scoff at the simplicity of that password, hackers likely don’t think the ones protecting your small business are much harder to crack.
Would You Like A Password That Can Be Cracked in 1 Minute, 13 Months, Or 200 Years?
According to research data, passwords consisting of six lowercase letters such as” monkey” without numbers or additional characters can be cracked by a hacker in as little as 0.29 milliseconds.
Simply adding a two-digit number in to make it “monkey 98” bumps the time to crack it up to 2 days, 21 hours Put an extra random character in front of it, making it “^monkey98” and the time to crack turns into a lifetime – 66 years. Yet we continue to use the simplest phrases and most easy-to-remember combinations to protect our most vital data.
Hackers Are Looking For Something that You Won’t Notice They’ve Taken
The ironic part of that is that hackers aren’t even out there trying to crack your mainframe for company secrets or stored credit card numbers. In fact, they’re up to something far more insidious that you might not notice for years, or maybe never.
Stealing credit card numbers isn’t really the main goal for elite cyber criminals anymore. There’s a short limit to the life of stolen credit card details before their usefulness expires. With credit-card security running at maximum power online, the first suspicious transaction sets off a chain reaction of events that ends with the card owner cancelling the card within hours, sometimes even minutes of the purchase.
No, the golden goose behind your easily-picked passwords is personal information; the kind kept by your human resources manager detailing every employee’s name, national insurance number, income data, address, phone number, and birth date. Throw in a picture ID and a driver’s license number and it’s a criminal’s paradise – the perfect collection of data to do literally anything with you and your employees’ personal information:
- Open a bank account
- Open a credit card
- Get a passport
- Get a driver’s license
- Fill medical prescriptions
Anything they need, doing it without tripping a single security wire anywhere. And what is the main weapon employed by these cyber-thieves? Your laziness. Lazy passwords get hacked. Strong, ever-changing passwords don’t.
Cyber Defences Alongside Education and Reinforcement is the Best Protection
Technological cyber defences have their place, and we’re by no means suggesting you don’t need them. We still recommend you have firewalls, antivirus, DNS monitoring, etc. However, it’s also vitally important that you train yourself and your employees on the human side of cyber security. That starts with using passwords that are a healthy combination of upper and lowercase letters, symbols and numbers. Change them once every 30 days to keep your data safe and cyber-criminals locked outside of your walls.
Educating employees starts with a security policy. Contained in the download below are the areas you need to focus on, where employees are most likely to slip up and compromise the business: