Following several high-profile data breaches, cyber security is top of everyone’s agenda at the start of 2016 – everyone, it seems, apart from small businesses.

There seems to be a preconception that cyberattacks only happen to big companies like TalkTalk, Sony or Ashley Madison. Wrong. Research suggests small businesses are rich pickings for hackers as they have more digital assets but less security than larger organisations. They are also known to be more lax about security.

Small businesses often lack the budget and manpower to adequately prepare for a cyberattack, but having fewer resources is no excuse for ignoring the threat.

There is now more data online than ever before, which means more hackers are trying to get at it and steal it.

If you also consider how computers are getting faster with more processing capabilities, hackers now have more technological support than ever before to help them infiltrate your systems and crack your passwords.

Here are just a few common mistakes I have seen small business owners making when it comes to protecting their sensitive data from a breach:

  • Not planning for an attack: A recent study revealed, on average, one-third of small businesses have no plan of action for responding to a security breach.
  • Assuming they’re already protected: There are two major assumptions about fraud protection that small businesses get wrong. One is that the Government will cover you if your business bank account gets hacked, and the other is that your general liability insurance will cover the repercussions of a data breach. Both of these are incorrect.
  • Failing to monitor: Insider fraud does happen even in the smallest of companies.

Cracking a password remains the simplest way for hackers to gain access to your accounts and databases. There are three main types of password attack:

  1. Brute Force: which involves guessing at passwords until the hacker gets in
  2. Dictionary: which uses a program to try different combinations of dictionary words
  3. Key Logging: which tracks all of a user’s keystrokes including login IDs and passwords.

Now could be the right time to ditch passwords.

It is now widely accepted that changing passwords on a regular basis and measuring the strength of passwords won’t make much difference to how well data and infrastructure are protected.

Many of the policies enforced around passwords by organisations looking to bolster their cyber-security aren’t actually that helpful. Quite the opposite, in fact. With the abundance of sites and services which now require passwords, users have to follow an almost impossible set of password rules in order to stay secure.

Complex passwords do not deter attackers but can often make daily life much harder for users! They can cause delays and force users to adopt non-secure alternatives that increase the risk of a breach. Essentially, complex passwords encourage a false sense of security.
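The false sense of security described above can be shown with a short audit script. This is an added example, not part of the original article: the composition rule, the small word list, the substitution table and the sample passwords are all constructed assumptions. It flags passwords that satisfy a typical complexity policy yet are still built on a word a dictionary attack would try.

```python
import re

# Constructed sample deny-list; a real audit would load a far larger word list.
COMMON_WORDS = {"password", "welcome", "summer", "letmein", "dragon"}

# Common character swaps, undone before the word-list lookup.
SWAPS = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i",
                       "!": "i", "3": "e", "$": "s", "5": "s"})


def meets_complexity_policy(pw, min_len=8):
    """Typical composition rule: length plus upper, lower, digit and symbol."""
    patterns = (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]")
    return len(pw) >= min_len and all(re.search(p, pw) for p in patterns)


def dictionary_base(pw):
    """Return the common word a password is built on, or None."""
    lowered = pw.lower()
    # Drop a trailing run of digits/symbols such as "2016!" or "1!".
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    for candidate in (lowered, stripped,
                      lowered.translate(SWAPS), stripped.translate(SWAPS)):
        if candidate in COMMON_WORDS:
            return candidate
    return None


def false_sense_of_security(passwords):
    """Passwords the policy accepts although they sit on a common word."""
    findings = []
    for pw in passwords:
        base = dictionary_base(pw)
        if meets_complexity_policy(pw) and base is not None:
            findings.append((pw, base))
    return findings


# Constructed sample passwords, not taken from any real breach.
SAMPLES = ["P@ssw0rd2016!", "Summer2016!", "Welcome1!", "vq7#Lm2x!Rt9", "dragon"]

if __name__ == "__main__":
    for pw, base in false_sense_of_security(SAMPLES):
        print(f"{pw!r} passes the complexity policy but is built on {base!r}")
```

Three of the five sample passwords pass every composition rule and are still one normalisation step away from a common word, which is why a deny-list check catches what a complexity rule misses.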