In recent months, the media has been bombarding us with stories related to hackers and cyber security. With large corporations like Sony having been the victims of hacker attacks, and MasterCard having been shut down by denial of service attacks, it can leave the small- to medium-size business owner feeling a little overwhelmed.
Still, one basic security measure many overlook is a simple focus on their individual and company password policies.
Passwords are the single element that keep our data and account information secure. Passwords also restrict the usage of the services we subscribe to online. If someone knows our passwords, they can send email on our behalf, post on our Facebook pages, and initiate wire transfers and address changes in our financial institutions. It should be no surprise that the password is the biggest vulnerability over which we have full control.
As a business owner, the two best things you can do to protect your company’s cyber assets is to 1) educate youron the value of good passwords and 2) implement a password policy where your technology allows for it.
Strong passwords are ones that contain numbers, characters, punctuation, and a mix of upper and lower case letters. If you were to visit a key generation website, you could easily obtain a very secure password in the form of a 256bit key that looks like this:
The problem with this password is that few human beings can remember it easily. Thus, someone using this complex a password would likely end up writing it down on a sticky and pasting it to their computer or on the wall of their cube; this defeats the purpose of a secure password!
Still, we can also create complicated passwords by using information that we know. For example, I could take an address like 14507 Cherry Hill Ln and make the following password:
The problem is that someone could obtain your street address and then begin to guess at passwords. Criminals actually use computer programs to do this and it doesn’t take long for them to crack passwords based off of information that is a) in the public domain and b) related to the individual they are targeting.
So, what should someone do to make a good password?
National Public Radio aired a story yesterday titled “Hunting For A Password That Only You Would Know” that addressed this very question. The answer is combine common words from a few different sources that you can remember. For example, I like the 80’s band The Police so perhaps I create the password
80s messagE bottlE
Or, on Facebook this morning,were discussing slang words for the noun “money”. Perhaps my password could be:
Greenback Dollar Moola
In my two above examples I create passwords that have upper and lower case characters, numbers, spaces, and complete randomness. Still, I can remember these, so I don’t have to write them down.
As the owner of a business, you should:
- Educate your employees on the import tenets of creating a strong password, including:
- Make them difficult but memorable
- Don’t use the same one everywhere
- If you have to write them down, use a secure technology to store them (e.g. Apple Keychain or mSecure)
- Change them from time to time
- Mandated password changes
- Complex password requirements
Protecting your company’s digital assets and your employees from cyber criminals is a daunting task. Still, a great first step is simply paying attention to the complexity of passwords you use and the policies you have at your company regarding them.
© 2011All Rights Reserved