Simple Steps to Protect Your Business from Hackers

You don’t have to be a security expert to see that cybercrime is on the rise and that businesses are a prime target for hackers.

By Ken Colburn

The nature of cybercrime shifted years ago from those who did it for kicks to highly sophisticated organized crime groups.

The speed, convenience and anonymity of the Internet allow them to operate in countries outside of our reach and target U.S. businesses.

The reality is that everything is hackable, but are you accidentally making it easier to become a victim?

Random acts of hacking occur every day because unsuspecting victims made it too easy for these sophisticated criminals.

You may recall in the distant past, thieves would drive around affluent neighborhoods with various garage door openers to see which homes could be easily entered.

Garage door manufacturers produced newer security measures in transmitters to combat this simple “hack,” but if you didn’t update your equipment, you continued to be an easy victim.

Today, if you don’t continually update your security measures, the same thing happens.

Passwords: Forget Everything You’ve Ever Been Told

Passwords are generally all that stand between a motivated cybercriminal and your sensitive information, but they are the bane of your online existence.

Weak and default passwords are two of the most common areas of exposure we come across when working with most businesses.

At least eight characters long, upper and lower-case letters, numbers and special characters is what most of you have been taught.

Unfortunately, what the tech industry has taught you is how to create difficult-to-remember passwords that are easy for hackers to break.

With “brute force” computing power so readily available to hackers these days, no matter what combination of eight letters, numbers and special characters you’ve been trained to use, it’ll take just over one minute to break it.

It doesn’t matter what combination you use, because it’s a simple math problem that can be solved quickly when your password is only eight characters long (you can see for yourself with Gibson Research’s Haystack tool: https://grc.com/haystack.htm).

Simply making passwords longer will exponentially increase the security against this common exploit known as a brute force attack (a sophisticated high-speed guessing process).

All your passwords should be at least 15 characters long. Once you’ve stopped gasping at the thought of remembering multiple random strings of 15 characters, here’s an example:

‘I Hate Passw0rds!’ is a 17-character password that takes the brute force time from 1.12 minutes (for any eight-character password) to 13.44 billion centuries.

Use pass-phrases instead of passwords:

Going 2 Aruba in 2016! (22 characters)

Married for 25 years! (21 characters)

Some systems don’t allow spaces as special characters, so you can either use the underscore or just skip the spaces.

There are certainly other ways for hackers to compromise your passwords, but by extending the length, you’ve taken yourself out of the crosshairs of a very common exploit.
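
The arithmetic behind those brute-force figures, as an added example that is not part of the original article. It assumes a 95-character printable-ASCII alphabet when all four character classes are present, an exhaustive search of every length up to the password's own, and a guess rate of 100 trillion per second (an assumption that reproduces the 1.12-minute figure); it measures brute force only, not dictionary or password-reuse attacks.

```python
import string

# Assumption: offline cracking rig at 100 trillion guesses per second.
GUESSES_PER_SECOND = 100e12
SECONDS_PER_CENTURY = 100 * 365 * 86400  # assumes 365-day years

# Character classes; the four together give the 95 printable ASCII characters.
CLASSES = (
    string.ascii_lowercase,        # 26
    string.ascii_uppercase,        # 26
    string.digits,                 # 10
    string.punctuation + " ",      # 33 (space counted as a symbol)
)


def alphabet_size(password):
    """Size of the alphabet an attacker must cover for this password."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))


def search_space(password):
    """Number of candidates of every length from 1 up to len(password)."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the given guess rate."""
    return search_space(password) / rate


def report(password):
    """Human-readable worst-case time, in minutes or billions of centuries."""
    secs = seconds_to_exhaust(password)
    if secs < 3600:
        return f"{len(password)} chars: {secs / 60:.2f} minutes"
    centuries = secs / SECONDS_PER_CENTURY
    return f"{len(password)} chars: {centuries / 1e9:.2f} billion centuries"


if __name__ == "__main__":
    # Constructed 8-character sample, then two pass-phrases from the article.
    for pw in ("aB3$efgh", "I Hate Passw0rds!", "Going 2 Aruba in 2016!"):
        print(report(pw))
```

Each extra character multiplies the search space by the alphabet size, which is why length dominates the result.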

Default Passwords

When it comes to the equipment that you use, every hacker knows the default password to every device connected to the Internet. Leaving passwords at the factory default for any device you use (routers, webcams, etc.) makes it much easier for hackers to wreak havoc.

Low Tech Password Management

Using unique longer passwords for every account makes remembering all your passwords pretty difficult, if not impossible, so finding a password manager of some sort is the key.

Although there are lots of password management programs, don’t forget that a low-tech approach may be all you need.

Writing down your passwords and keeping the list buried somewhere in your desk is a far better option than using the same password on every account you own.

The total number of “hackers” that can gain access to a physical piece of paper buried somewhere in your desk pales in comparison to the millions that know to try a compromised password everywhere.

The key is to not make it obvious that the document (physical or electronic) is a list of passwords.

Don’t use the word password anywhere on the document and come up with your own encryption scheme just in case someone does find it.

For instance, add four random characters to the beginning of each entry so only you will know to ignore them.

While this approach isn’t technically as secure as using an encrypted password management program, it’s a heck of a lot safer than using the same password everywhere and easier for non-tech savvy users to execute.

Two-Factor Authentication

If you assume (and you should) that at some point your passwords are going to be compromised, you need to take some steps to protect yourself so you’ll know what to do when it happens.

A very powerful security tool that can thwart cyber-thieves even if they get your username and password is available for just about every online account you have.

It’s called two-factor authentication (or two-step verification), and it combines something you know (your password) with something you own (your smartphone).

Once it’s turned on, whenever you enter your username and password from a computer or mobile device that isn’t recognized by the system, a short code will be sent to your phone to verify that it’s really you.

If you don’t enter the code, it won’t let you (or a hacker that has stolen your login info) access the account.

You’ve been using two-factor authentication forever whenever you withdraw money from an ATM. You have to have your debit card (something you own) and your PIN (something you know).

Imagine a debit card that didn’t require a PIN; that’s how you should view your online accounts without two-factor authentication activated.

Password Fraud Alerts

The best part of using two-factor authentication is that it automatically becomes a fraud alert system when someone has your username and password.

Remember, even if a hacker acquires your username and password, they won’t be able to access your account because they don’t have your phone in their hand.

Now, whenever you get a text message out of the blue saying “here’s your access code,” you’ll know that someone has acquired your username and password and is trying to use them.

You’ll also know that they can’t get in without your phone, so you can simply change your password to prevent future issues.

The process for setting up two-factor authentication is different for every account, so a great web resource for learning how to turn it on for the web services you use is located at: https://twofactorauth.org.

Securing Your Mobile Devices

Laptops, smartphones and tablets are critically important business tools these days, but they are also extremely desirable to thieves.

Mobile devices by their very nature are more likely to be lost or stolen, so you should assume that it’s going to happen and act accordingly.

Make sure all your devices have access passwords to make accessing your sensitive info more difficult and install a remote tracking program so you’ll know what to do when something goes missing.

A really solid (and free) option is available at https://preyproject.com and it’s much more helpful than Find My iPhone or Find My Mac.

Not only can Prey locate your device, it can also lock it down and take a picture of whoever is using it, along with a screenshot of whatever they are doing on your computer.

Location alone is not enough for law enforcement to do anything in most cases, so the additional evidence is very helpful.

There are certainly many other things that you should consider when it comes to cyber-security, but these simple steps will go a long way to protecting you against some of the most common threats.

Ken Colburn is president of Data Doctors Franchise Systems, Inc. He serves as chairman of IFA’s Marketing and Technology Committee. Find him at fransocial.franchise.org.
