Tag Archives: cyber threats

The threat of cyber attacks. Cyber threats can range from phishing, to an employee purposely damaging digital property, to a virus accidentally spread onto the network that can threaten the information on the software.

Risk of a Common Password and Ways to Avoid it (Infographic Inside)

Using a common password leaves your organization at risk for cybercriminals to attack your account. Let’s add password protection as a major component in your organization’s cybersecurity plan.  The risk of a common password is tremendous, and you should avoid having one at all costs.


Did you know:

  • 4.7% of users have the password “password”;
  • 8.5% use “password” or “123456” as their password;
  • 9.8% use “password”, “123456” or “12345678” as their password;
  • 14% have a password from the top 10 passwords used;
  • 40% have a password from the top 100 passwords used;
  • 79% have a password from the top 500 passwords used;
  • 91% have a password from the top 1000 passwords used.

 

What does this tell you? Think twice before you make “abcdef” your next password. According to a study from SecurityCoverage Inc., if a password contains just six lowercase letters, especially if it’s a common word or combination, a cyber-thief can figure it out in 10 minutes!

However, making a six-character password that has numbers AND symbols boosts complexity enough that a skilled hacker would need 16 days to break it, the study found. That is a task most likely not worth doing for that hacker.

Some sites now require a password with at least one uppercase letter, one number, and maybe a symbol as well. This is a step in the right direction even if it makes remembering your password just a little tougher. A simple and easy to remember example of this would be “Money17$.”

The real security, of course, comes from those dreaded passwords that are generated for you. They are longer, at least 8 characters, with a random order of letters, numbers, and symbols. These are nearly impossible to remember. However, an eight-character password with random letters, numbers, and symbols will take 463 years to break according to the same study. Nine random characters will take a whopping 44,530 years.
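A password-acceptance check along the lines described above, as an added example that is not from the original article: it rejects passwords found on a blocklist of common choices and estimates the brute-force search space from length and character classes. The blocklist entries, the thresholds and all function names are assumptions made for illustration.

```python
import math
import string

# Constructed sample blocklist (assumption): a real deployment would load a
# large list of commonly used or breached passwords instead.
COMMON_PASSWORDS = {"password", "123456", "12345678", "abcdef", "qwerty"}

# Character classes a password can draw from.
CLASSES = (
    string.ascii_lowercase,   # 26 characters
    string.ascii_uppercase,   # 26 characters
    string.digits,            # 10 characters
    string.punctuation,       # 32 characters
)


def alphabet_size(password):
    """Size of the alphabet implied by the character classes in use.

    Characters outside the four classes (spaces, non-ASCII) are not counted.
    """
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def search_space_bits(password):
    """log2 of the number of candidates a brute-force search must cover.

    This is an upper bound on strength: it only holds when every character
    is chosen at random, not when the password is built from a word.
    """
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0


def screen_password(password, min_length=8, min_bits=52.0):
    """Return (accepted, reasons). Thresholds are illustrative assumptions."""
    reasons = []
    if password.lower() in COMMON_PASSWORDS:
        reasons.append("common password")
    if len(password) < min_length:
        reasons.append("too short")
    if search_space_bits(password) < min_bits:
        reasons.append("search space too small")
    return (not reasons, reasons)


if __name__ == "__main__":
    for candidate in ("password", "abcdef", "Money17$"):
        print(candidate, screen_password(candidate))
```

Each added random character multiplies the search space by the alphabet size (94 here), which is why the estimates jump so sharply between eight and nine random characters.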

“People are careless because they don’t understand the threat,” said Ed Barrett, VP of marketing for SecurityCoverage. LinkedIn was compromised in June and had 6.5 million passwords leaked. Yahoo had 6 million passwords stolen as well.

Another important consideration: don’t use the “show typing” function as you type your passwords. Many hackers don’t bother hacking at all but rather infect your employees’ computers with a virus that captures their keystrokes, and thus their passwords.

The fact is you can either use strong, complex passwords and have trouble remembering them, or use simple, weak passwords and run the risk of being hacked. We are not recommending a password of “nif$g*u3ng64dsf7” that a security expert would love, as we understand the frustrations and hassle of remembering 20 passwords. We are advising that the next time you make a new password, especially for an important account, you add some complexity to it. Go back to your most important accounts, like your bank account, and add a few numbers. It will greatly help in reducing your risk.


Ransomware and other cyber security threats – what you can do.

The recent outbreak of the WannaCry ransomware brought renewed attention to the importance of a well-crafted cybersecurity strategy.  Every company should have a strategy in place regardless of its size.  If you don’t have one yet, there is no time like the present to begin.  We previously published an article detailing some key focus points that should be addressed when developing an organization-wide cybersecurity strategy.

In this article, we drill down into a handful of steps that can be taken now to begin securing your company’s network and data.  This is not meant to be an all-encompassing guide.  This is only a starting point.   These steps should already be familiar for those that have already implemented a cybersecurity plan.  However, the most comprehensive plans are worthless if they are not being executed.

 

1. Make sure all OS & software updates/patches have been applied.

Microsoft and other software developers such as Adobe and Oracle release updates and patches on a regular basis to improve usability and, more importantly, address security issues.  Secure your computer systems by taking the time to install these updates.  Turn on automatic updates whenever possible.  Set reminders for yourself to check for and install any updates and patches.  If you forget once, it is easier to forget again and before you know it months have gone by.

If you are running a PC with a version of Windows earlier than 10, be sure to install any updates and then run the tool to check for available updates again.  In many cases, certain updates will not be available until other updates have already been installed.

2. Migrate to a Current Operating System.

Organizations are keeping their existing computers longer than they once did.  There can be any number of reasons for this – the computers are “fast enough” to serve the needs of the company, the cost to replace the machines may be too high, or perhaps you need them to support a piece of legacy software that cannot run on new computers.  These are all valid reasons but as an OS matures fewer security patches are issued.  Eventually, the developer will cease all support.  Most newer operating systems will run on older hardware.  However, if your hardware cannot support the latest operating system, it may be time for an upgrade as well.

3. Install Antivirus Software.

This should be a no-brainer.  Many people think they’ll never be a target for an attack and as such don’t bother.  For those of you out there thinking you’re “too small” to be a target, here is a sobering statistic: 85% of targets are small businesses.  Do your research.  There are some good options out there, many of which are free.  Make sure protection is installed on all computers.  Run scans on a regular basis.  Check for and install updates on a regular basis.  Antivirus software cannot do its job if it doesn’t know what to protect you from.

4. Password Administration.

More than 50% of people use the same password for all of their logins. Remembering one password is far easier than having a different one for each and every service.  This makes compromising access to your corporate systems much easier.  Employees should be required to use complex passwords. You can also request passwords to be changed on a regular basis.

5. Set User Access Permissions.

Employees only need access to the data required to do their job.  Do they need access to certain sensitive information? Do they need permission to install programs?  Narrow an employee’s access and permission only to what is needed.  This will better protect your systems should their login be compromised.

6. Backup Your Data.

You may need to restore lost or corrupted data should you be hit with ransomware or should your systems be disrupted by another type of attack.  Backing up your data to an external hard drive that is always connected to your computer or network isn’t enough. That data can become compromised as well if your backup is connected to the same computer or network that suffers an attack.  Hard drives are relatively inexpensive these days.  Keep multiple backups off-site and swap them out on a regular basis.  It is far easier and less costly to recreate or update a few files than to have to try to recreate years’ worth of data.  Another option is to use a cloud-based backup service.  Your data is stored off-site and most (but not all) of the burden of protection is transferred to your storage vendor, such as Amazon Drive or Carbonite.

7. Transition All Your Data to the Cloud.

This step is a little more advanced than the others.  As we discussed in point 6, having your data in the cloud takes a lot of the burden of protecting that data off you and transfers it to your storage vendor.  You are reducing the impact ransomware can have by not storing critical information on your computer or network.  Keep in mind, however, cloud storage can still be vulnerable to ransomware if you upload an infected file.  That is why it is imperative you look for a vendor that can retain multiple versions of files if you decide to go the cloud storage route.  You can restore a previous clean version with minimal effort should a file become infected.

8. Discuss Cyber Liability Insurance with a Risk Advisor.

You can do everything to protect your computer network and data. The reality is no system is perfect.  Cyber liability insurance can’t stop you from having a ransomware attack or data breach.  It will help to cover the costs of investigating the breach.  It will help you in the defense of claims from the attack & potential data loss.  Many policies may also include cyber extortion costs to address a ransomware attack.

Cyber liability tends to be written on the basis that at least some basic security controls are in place. It is easy to say you are performing these steps on an application.  However, if a claim results which could have been prevented by following these steps, it may not be covered.


Do You Need Cyber Liability Insurance?

In a business world taking advantage of all that new and advanced technology has to offer, it might be easy to forget the vulnerability associated with displaying so much private and valuable information on accessible sites. As with all types of risk, data leakage will drive up your company’s costs due to the actual loss in value of leaked information or a failure to meet data protection requirements mandated by the state. Companies that use online resources can reduce this inevitable increase in their unfunded exposure by utilizing cyber liability insurance.

One of the primary costs concerning data breaches is notifying affected users of a hacked online resource. The cost of maintaining a data breach notification system can be very high and has only increased since the escalation of hacking in recent years. Without cyber liability insurance, a company is liable for all of the costs associated with creating and maintaining a breach alert system.

One might ask why this system is necessary. 46 out of 50 states have mandatory requirements for data breach notification (contact a Risk Advisor for information on your state’s particular mandates). Furthermore, a notification system markets your company as reliable, so that your customers and everyone whom you work with can trust the online resources that you provide. Cyber liability insurance can cover a significant amount of the expenses associated with maintaining an alert system and can help your company reinvest those saved dollars into other business operations.
