To hackers, size doesn’t matter. According to a Government Security Breaches Survey, online criminals are increasingly targeting small and medium-sized UK businesses, with the average cost to a company reaching £310,000.
Small businesses can be seen as “softer targets”, due to their often rather cavalier attitude towards online security. They can also lead hackers to bigger prizes, by giving them a direct gateway into the larger businesses they deal with.
At the very least, hackers can run a Denial of Service attack on your site. At worst, they can steal your customer database, or (as in the recent WannaCry attack) hold your vital company files to ransom. Ultimately, an attack could put you out of business.
How do you stop them? As the majority of attacks begin with a hacked password, start there.
1. Use $pecial Ch@r@ct£rs, lowercase, and CAPITALS
At SiteBites, when we create and manage websites, we enforce the use of strong passwords. It’s not optional, or something you can talk us out of with a basket of muffins (but attempts are encouraged). If you’re running your own website, remember that using a mix of uppercase, lowercase, numbers and Special Characters massively boosts the strength of your password. A hacker running a Brute Force attack could crack a seven-letter password in about two hours, if it contained only lowercase letters. Add a special character and a capital, and the hacking time increases to two years. An easy way to use special characters is to swap them with letters that look similar: S becomes $, A becomes @, H becomes #, L becomes £. Numbers work too: replace the letter E with a 3, or B with 8.
2. Use 12 characters
A 12-character password (using a mix of different characters) would take around 17,000,000,000 years to crack. We like those odds! Finding a long password doesn’t have to be a challenge: use your favourite film quote (c0ffeeI$ForCl0Ser$), or line from a song (caLLM£Maybe!).
Don’t use a name or word from the dictionary; both are too easy to crack. Also, avoid using capital letters at the start and numbers on the end — that’s what everyone does, and hackers know it.
3. Stay Random
Hackers will try to guess your password from your personal information, like your favourite sports teams, names of your pets, or the name of your favourite child (we know you’ve got one). They’ll do the same for your password reset security questions, too. Ask yourself: is all that information freely available on your social media? If it is, go rogue. Keep your passwords, and your Password Re-Set information, obscure. For example, the registration number of your first car might be a good password, but NOT if that same car is the publicly visible cover photo on your Facebook page. This rule applies to any personal information that hackers might be able to trace.
4. Lock down your email accounts
Hackers may not try to break into a high-security account, like your online banking, straight off. They’re far more likely to start by invading your less-secure accounts, figuring you’ll use similar logins and passwords for everything else. Their biggest win is to get into your email account. From there, they can simply send out “I forgot my password” requests to all your other accounts, and access the really juicy stuff. So, ensure your email passwords are as secure as possible. It’s often the area most people overlook — don’t.
5. Change your passwords regularly
By regularly, we don’t mean every 30 seconds, or every day — just to a regular schedule. Keep it realistic: changing your passwords once a year will do more for your online security than aiming for once a month and only managing once a decade. But DO change them. Hackers’ ability to break passwords increases all the time. A password that would have taken three years to crack in 2000 now takes just over two months. Gulp. Keep one step ahead and switch passwords as regularly as is realistic for your company. Remember, it could save you a fortune in the long run. It could even save your business.
If you need help with any aspect of your online security, contact us. In the meantime: