VOL. 131 | NO. 24 | Wednesday, February 3, 2016
Data Breaches: ‘The Third Certainty in Life’
By Patrick Tamburrino
I recently received an email from a former colleague that appeared to be a Dropbox link with “important documents.” Since it had been a while since our last correspondence, I emailed back to make sure that the note was real, only to receive a bogus response that confirmed my suspicions. Cue me reporting it to her company’s help desk, blocking the user from my email, and deleting the note.
This is one of the best examples of social engineering currently being used by hackers. And it serves as a reminder to small businesses everywhere to get ahead of the problem.
Adam Levin, co-founder of Credit.com, recently dubbed data breaches “the third certainty in life,” adding to the traditional death and taxes. Most data breaches, such as the example I cited, could’ve been avoided by simply updating passwords to ensure they are unique and not easily guessed.
Before you fall victim to the latest email scam, and thus increase your chances of infecting your computer with malware and spyware, hold yourself accountable with some of these password tips:
If your password is obvious to you, it’s obvious to others.
That includes “123456,” “password,” “welcome,” and even “starwars.” Check out SplashData’s top 25 most popular passwords in 2015 for the full list of passwords to avoid.
Use different passwords for different accounts.
From online banking to shopping, make sure passwords are not automatically saved on your computer or the same across multiple websites. This is especially critical if you run your company’s social media pages.
Get creative with your passwords.
Hackers use big-data analytics when attempting to crack passwords. To avoid falling victim to their algorithms, use passwords that are a minimum of 8 characters and that mix in numbers and special characters (*, @, #, 2). For another level of protection, try password managers, which use software to encrypt passwords.
Require employees to use unique passwords and change passwords every 90 days. Consider implementing multifactor authentication that prompts for additional information beyond a password for access. Speak with your vendors that handle sensitive data, particularly financial institutions, to see if multifactor authentication is offered on your account.
Employee training is inexpensive, but critical.
Most hacking episodes occur when employees click on malicious links or websites. Security experts agree that education is the best defense. Train employees in security principles, password etiquette, Internet guidelines, and spotting suspicious emails – and specify violation penalties.
These days, fighting the good fight against online criminals should be ingrained in any business’s operations. I challenge you to recall the last time you changed your password. If it’s been over 90 days and/or the password is easily guessed, it’s time to beef it up and lessen your company’s risk.
Patrick Tamburrino, president of IT strategy, support and management firm Tamburrino Inc., can be reached at firstname.lastname@example.org.