With so much publicity given to serious data breaches and the devastating effect a hacked password can have for individuals and businesses, the most recent report from the National Cyber Security Centre (NCSC) makes for worrying reading.
According to the report, 70% of people believe they will fall victim to a cyber-crime within the next two years, while 23.3 million hacked accounts of victims worldwide used ‘123456’ as the password, which is unlikely to take a sophisticated hacking app long to crack.
This disregard for strong password protection shows there is still a lack of understanding about the nature of modern hacking attacks, as the advice of security experts continues to fall on deaf ears.
Rather than manually testing a series of simple combinations in the hope of guessing your password, criminals are now using much more sophisticated methods to breach accounts, and it’s crucial that you stay one step ahead of the threat.
NCSC report findings
Taking the lead on cybersecurity-related issues within the UK, the NCSC uses its own research and findings to deliver practical guidance to businesses of all sizes. Responding quickly to security incidents and protecting companies from serious harm, the organisation draws on industry and academic expertise to improve security measures and safeguard public and private sector networks.
The report delivered by the NCSC is based on data compiled from telephone interviews and shows that 37% of respondents agreed that losing money or personal details over the internet has become unavoidable. Ironically, the same report reveals a serious disregard for password security, with many individuals setting weak or predictable combinations that make it easy for hackers.
With freely available programs designed to run automatically and try millions of combinations, simply setting your password to ‘Pa55word’ will no longer suffice.
Creating a strong password
When it comes to protecting your data, information or money, the only way to make a long-term difference is by changing your attitude towards password security.
Although it may sound straightforward, the first step is to stay away from obvious passwords that you’ve trusted in the past. This includes sequential numbers or letters, birthdays and especially the word ‘password’.
Not only will these be cracked in seconds, but hackers will recognise that you probably use them for other accounts and target all your other password-protected assets. Instead, it’s important to make passwords longer, aiming for at least 15 characters where possible, using a combination of upper-case and lower-case letters, while throwing in numbers and symbols for good measure.
Alternatively, a word combo can be extremely effective, using a combination of random but memorable words that make it almost impossible for hackers to guess. An example of a word combo could be ‘FootballDogYellowCar’ – the more ridiculous the better.
Another option is to use one of the many free password generator tools available from leading cyber-security organisations, which work locally on your computer, with no risk of your choices being compromised.
Although changing your attitude towards password security is an important first step, that won’t necessarily help you spot an incoming threat or identify the points of attack.
The most common method used by hackers remains brute-force, which, despite its name, can be technically effective for those looking to breach an already weak security system.
Brute-force attacks will often use a password dictionary, containing millions of words and numbers that can be tried in combinations to discover the correct password. This can take minutes, hours, days or even years – the program has enough patience.
Once a hacker has set the program running, passwords will be tried systematically, delivering a successful hack if the dictionary contains the correct password. Therefore, it is critical that steps are taken to create a complex password that contains more than one word.
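The advice above on predictable passwords, word combos and dictionary attacks, as an added example that is not part of the original article: it flags the weak patterns the article names and builds a word combo from randomly chosen words. The word lists, function names and character-swap table are constructed for illustration.

```python
import math
import secrets

# Constructed sample data. A real check would load a large breached-password
# list, and a real generator a word list of several thousand entries.
COMMON = {"123456", "password", "qwerty", "letmein"}
WORDS = ["football", "dog", "yellow", "car", "river", "candle", "orbit", "maple",
         "tunnel", "piano", "walrus", "copper", "jigsaw", "lantern", "meadow", "quartz"]
# Undo common character swaps so 'Pa55word' is compared as 'password'.
LEET = str.maketrans("4@3105$7", "aaeiosst")

def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive ascending characters (1234, abcd)."""
    count = 1
    for a, b in zip(pw, pw[1:]):
        count = count + 1 if ord(b) - ord(a) == 1 else 1
        if count >= run:
            return True
    return False

def weaknesses(pw, min_len=15):
    """Return the reasons a password fails the article's advice (empty if none)."""
    lowered = pw.lower()
    normalised = lowered.translate(LEET)
    reasons = []
    if len(pw) < min_len:
        reasons.append("shorter than %d characters" % min_len)
    if lowered in COMMON or normalised in COMMON or "password" in normalised:
        reasons.append("common or predictable password")
    if has_sequence(lowered):
        reasons.append("sequential characters")
    return reasons

def passphrase(n_words=4, words=WORDS):
    """Join words picked with the OS random source, not by a person."""
    return "".join(secrets.choice(words).capitalize() for _ in range(n_words))

def entropy_bits(n_words, list_size):
    """Bits of guessing work when every word is a uniform random pick."""
    return n_words * math.log2(list_size)

if __name__ == "__main__":
    for candidate in ("123456", "Pa55word", passphrase()):
        print(candidate, weaknesses(candidate))
    print(entropy_bits(4, len(WORDS)), round(entropy_bits(4, 7776), 1))
```

With the 16-word sample list, four words give only 16 bits of guessing work, while four words drawn from a 7,776-word list give about 51.7 bits, so the strength of a word combo comes from the size of the list and the randomness of the pick.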
While outside hacking attacks can be difficult to prevent, there are other routes into secure networks and accounts, which typically involve the actions of individuals granting access.
Some cyber-criminals will try to trick, intimidate or pressure an individual into giving them what they want. This is otherwise known as phishing, with attacks personalised to target a specific organisation.
Typically, the phishing email explains that a receiving bank account’s details have changed or there is something wrong with an account, prompting the recipient to click a link to resolve the issue.
This link then leads to a fake website that has been carefully designed to look like a legitimate banking website, often duping unsuspecting users into entering their access details and password. A message will then inform the individual that the account cannot be accessed, and that they should retry in ten minutes – just enough time for the criminals to empty the account.
This same approach is used regularly by cyber-criminals, targeting businesses, law firms, banks and anyone with valuable data or money moving through their accounts.
Securing the future of your business…
Password protection is not a new security feature, but research shows that individuals and businesses are still not treating it seriously enough.
Although it may be tempting to create a relatively straightforward password that is memorable and quick to type, hackers now have the power to test millions of combinations and breach your account within minutes.
Although opting to use a selection of upper-case and lower-case characters isn’t always efficient, doing so can help secure your account from would-be hackers.
Remember, cyber-attacks are becoming more sophisticated over time, so it is important to regularly update your password and other security measures, ensuring you stay one step ahead of criminals.
If you’re unsure about the next steps, contact an experienced managed service provider and begin securing the future of your business.