Posted on August 3, 2020 in Cyber Security

Online Security 101 – Password Protection

Businesses often focus heavily on technical solutions to online security issues – firewalls, anti-virus, web filtering – but then forget to tackle one of the greatest risks to their digital assets: their employees. Sadly, human error and poor employee awareness of security threats are among the most common causes of data breaches.

Bad password practice, for example, is a security weakness that hackers are keen to exploit. These attacks are potentially devastating for a number of reasons, but one of the main ones is that criminals can access your accounts in a way that appears (on the surface at least) to be legitimate. You may not be aware of the attack when it happens, as the hacker isn’t going to announce their presence as they pore through your sensitive data!

There are technical solutions you can use to reduce this risk, such as password managers (Keeper, Dashlane, etc.) and identity platforms (such as Azure Active Directory), but as a first step you should ensure your staff are practicing what’s often called ‘good password hygiene.’

How do cyber criminals hack password-protected accounts?

Hackers use a number of techniques to break into accounts and gain ‘front door’ access to sensitive information. A few of these are listed below.

Phishing

This method involves social engineering – an act of manipulation designed to make victims perform certain actions. It may take the form of impersonating a trusted entity (such as a bank or a known person) so that the victim voluntarily shares account credentials or other sensitive information.

Malware

Hackers sometimes use malicious programs such as screen scrapers and keyloggers to capture passwords as they are entered. This method requires the victim’s computer to have been infected with malware beforehand.

Brute Force attack

This method can take time, as it involves testing every possible alphanumeric combination, one after another, until the right one is found. If the maximum password length is fairly short this method can prove effective; for longer passwords, however, it usually takes too long to be practical.

Rainbow Table Attack

When you create a password it isn’t stored as the text you type; it’s run through a one-way ‘hash function’ to produce a corresponding value known as the ‘hash value.’

A rainbow table attack is a sophisticated password attack that works backward from these hash values to recover the plain-text password, using large precomputed tables of hashes. This method demands a lot of storage and computing power due to the size of the ‘rainbow tables’ involved.
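As an added illustration (not code from the original post), the Python snippet below shows why the way a hash value is produced matters: an unsalted hash gives the same value for every user who picks the same password, so one precomputed table answers for all of them, while a random per-user salt and a slow key-derivation function (PBKDF2 from the standard library here) make such tables useless. The sample password is constructed for the demo.

```python
import hashlib
import hmac
import os

def hash_unsalted(password: str) -> str:
    """Plain SHA-256 of the password. Identical passwords give identical hash
    values, which is exactly what a precomputed (rainbow) table looks up."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def make_record(password: str, iterations: int = 200_000) -> dict:
    """Store a password the way a service should: a fresh 16-byte random salt
    per user plus PBKDF2-HMAC-SHA256, so equal passwords yield different
    records and each stored hash must be attacked separately and slowly."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}

def verify(password: str, record: dict) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest.hex(), record["hash"])

if __name__ == "__main__":
    # Constructed sample: two users who happen to pick the same password.
    pw = "Summer2020!"
    print("unsalted, user A:", hash_unsalted(pw))
    print("unsalted, user B:", hash_unsalted(pw))   # same value as user A
    rec_a, rec_b = make_record(pw), make_record(pw)
    print("salted,   user A:", rec_a["hash"])
    print("salted,   user B:", rec_b["hash"])       # differs from user A
    print("verify correct password:", verify(pw, rec_a))
    print("verify wrong password:  ", verify("summer2020!", rec_a))
```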

Dictionary attack

Similar to a brute force attack in its execution, except that a dictionary attack tests passwords from a pre-prepared list. An actual dictionary could, in theory, be used, but typically these attacks use a list of common words, phrases, common passwords and sometimes even passwords that are known to have been used previously.

Guessing

This technique requires little explanation. Users often set up account passwords using the names of things, people or places that mean something to them, which makes life easy for a hacker who has done some background research. Another password pitfall is the use of common letter or number sequences such as ‘123456789’ or ‘qwerty12345’.

Use good account practice as your first line of defense

Creating a strong password isn’t rocket science. As we’ve just mentioned, avoid numbers and letters in any sort of recognizable sequence and avoid words that mean something to you. The strongest passwords consist of a long, random string of characters with no obvious meaning and no connection to the user.

Make sure your team is aware of a few basic principles of good password practice:

  • Use multi-factor authentication if possible. This requires two or more conditions to be met before access is granted. A verification code sent to your phone is a good example of this.
  • Use upper and lowercase letters.
  • If it’s memorable, don’t use it! Also, NEVER use the same password for multiple accounts. Sometimes people fall into the trap of memorizing one complex password and then using it everywhere.
  • Make it as long as possible. Password length restrictions often apply. If your password must be between 8 and 16 characters, it’s best to create one that sits towards the upper end of that range.
  • Change your password. It’s rare, but sometimes accounts are hacked without the account holder’s knowledge. Changing your passwords now and then limits the damage a stealth attack like this can inflict.
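To make those principles concrete, here is an added Python example (not from the original post) that checks a proposed password against them: minimum length, mixed case, the keyboard and number sequences mentioned above, a small common-password list standing in for a real breached-password list, personal words such as a pet or family name, and reuse across accounts. The word lists and the 12-character minimum are assumptions chosen for the demo.

```python
import re

# Constructed lists for the demo; a real deployment would use a large
# breached-password list, which is what a dictionary attack draws from.
COMMON_PASSWORDS = {"password", "123456", "123456789", "qwerty",
                    "qwerty12345", "letmein", "welcome1"}
KEYBOARD_RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm",
                 "1234567890", "abcdefghijklmnopqrstuvwxyz"]

def has_sequence(password: str, min_run: int = 4) -> bool:
    """True if the password contains min_run or more characters in keyboard-row,
    digit or alphabet order, e.g. '1234', 'qwer' or 'abcd' (case-insensitive)."""
    lower = password.lower()
    for run in KEYBOARD_RUNS:
        for i in range(len(run) - min_run + 1):
            if run[i:i + min_run] in lower:
                return True
    return False

def check_password(password, personal_words=(), already_used=(), min_len=12):
    """Return a list of policy violations; an empty list means the password passes.
    personal_words: names that mean something to the user (pets, family, places).
    already_used: passwords this user has on other accounts (reuse check)."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("does not mix upper and lower case")
    lower = password.lower()
    if lower in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    if has_sequence(password):
        problems.append("contains a keyboard or number sequence")
    for word in personal_words:
        if len(word) >= 3 and word.lower() in lower:
            problems.append(f"contains personal word '{word}'")
    if password in already_used:
        problems.append("reused from another account")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords; "Fluffy" stands in for a pet's name.
    for candidate in ["qwerty12345", "FluffyTheCat2020!", "Vx7#pLq2!mRw9Tz"]:
        result = check_password(candidate, personal_words=["Fluffy"])
        print(candidate, "->", result or "OK")
```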

Account logins are your frontline defense against a data breach. Make sure your team is setting up accounts safely so that your digital world is kept secure.

We’re Elixis Technology

We help businesses across Clark County harness technology to drive success. Our expertise covers all bases, from remote monitoring/maintenance and security to hardware, phone systems, surveillance solutions, cloud services, and much, much more. It’s easier to ask ‘what can’t we do?’

Why not get in touch today to see how the best tech solutions can power your business towards its goals?