It's no surprise how easy it is for hackers to gain access to password information when one considers the research on this subject. According to a report by Infosecurity Europe, 65 percent of workers use identical passwords for different purposes including personal banking, websites and access to corporate applications. Many people make it easy for hackers by using easy-to-guess passwords: the top five passwords are password, 123456, 12345678, abc123 and qwerty.
As a business manager or owner, your company's information assets can be accessed, misused or stolen by the inadvertent actions of your employees. Below is a list of recommendations to mandate within your company, so that you can avoid becoming a hacker's next victim:
1. Public computers should not be used to check company email. Hackers today add Keylogger to public computers such as airports and Internet cafes and can easily capture your employees' username and password information.
2. Employees need to be careful when using free Wi-Fi. You and your staff should resist the temptation to use public WiFi. Hackers can easily hijack one's account and access email, social media accounts and even online banking. If your employees have no other option you should consider deploying a VPN service such as privateinternetaccess.com. Also enable SSL (traffic encryption) when available. It is an option on most public email offerings such as Gmail.
3. Avoid listing employee email addresses publicly. Cyber criminals troll for email addresses and then use a variety of techniques to hack into account. Don't make it easier for the hacker by giving them your company's email directory.
4. Create strong passwords and don't use the same password for different accounts. A password at one site or email address is a gateway for further hacking. In particular, when it comes to online banking or other core business activities, make sure that unique passwords are used for each financial institution. Here are some basic guidelines for passwords: Ideally, they should be long, complex and combine letters, numbers and special characters. Tools like Lastpass, Roboform & 1pass provide the option to generate strong passwords and store them in the cloud for easy access across multiple devices (be mindful of a strong master password when using these tools though). In addition, employees should be mandated to change their passwords periodically. The longer one use the same password, the greater the likelihood that it be exposed and end up in the hands of hackers. We suggest changing password every 90 days or even more frequently.
5. NEVER share passwords with anyone. Employees should avoid sharing password information with colleagues, friends or even loved ones. Modifying online behavior is hard enough, controlling the online behavior of others is virtually impossible. Here is some important advice: NEVER provide your password to anyone that calls you. Scammers often pose as law enforcement or Internet companies to obtain credentials.
6. Change online behavior. Although you control what employees do during their off-work time, if they are using work computers they need to be careful about the sites they visit and the information they share with complete strangers. Here are some basic guidelines for your employees: Avoid downloading videos and other files from unknown websites. If you receive an unusual email from a friend, don't download any links until you can verify that they have sent it. Consider using utilities like Norton, Webroot or Mcafee that will warn you when sites are suspicious or considered risky.
7. Use two-step authentication when possible. Two-step authentication significantly cuts down on cybercrime because it requires an additional level of authentication from you in order to access your account. This will typically require access to a mobile phone where a text (SMS) message can be sent with a verification code.
8. Encrypt your way to safety. Hackers are looking for information that can be used to access bank accounts, credit cards or trade secrets. Encryption of your files makes it harder for the hackers to steal information. For Microsoft Windows, we recommend BitLocker, which is a standard option that enables one to use full-disk encryption. Although encryption is only activated when a user is logged out, it is a further layer of protection against hackers.
9. Keep your computer updated. Make sure that you have installed the latest security patches for your Operating System and that you scan for viruses and malware.
10. Backup all your files. Backing up your files (either physically or via an online cloud service like dropbox, box.net or sugarsync), won't stop hackers, but it will make your life infinitely easier if your files are corrupted or deleted by a cyber-hacker. Most operating systems like Microsoft (Skydrive) and Apple (iCloud) provides basic cloud back-up services built into the software.
Riaan Gouws is the CTO of Quatrashield, a SaaS provider of Enterprise-class cyber security technologies that include web application vulnerability scanners and malware scanners.
