
Lock the Business Cookie Jar

What steps did you take in October’s National Cyber Security Awareness Month?

Web Only | Oct 30, 2017 | By Scott Alvord

Did you make any progress during October’s National Cyber Security Awareness Month? Did you, as I like to say, lock your business’s cookie jar? If you’re like most business owners, you care about security and you promise yourself you’ll make an attempt at it soon. But like our New Year’s resolution of losing weight, it begins with good intentions but then life happens and it becomes low priority — again.

Protect Your Password

Passwords are the primary line of defense for most of your private digital life and the digital assets of your business. The key to defending yourself and your business is to first learn what hackers value and how they obtain your password. To create an uncrackable password, you need to meet all of these criteria:
  1. Impossible to guess

  2. Complex enough to be almost mathematically impossible for hacking programs to crack

  3. Easy to remember

  4. Unique for every single online account

  5. Safely written down

A typical business owner’s excuse probably includes one of three things: 1) It’s not going to happen to me because hackers aren’t going to target me. 2) Yeah, I know, but I’m honestly too busy to deal with it right now. Maybe later. 3) I’m not sure how to protect my company beyond its current configuration, and I can’t afford to pay someone I don’t trust to come make changes with my computer system.

Guess what? You and your business are at risk and both will eventually get hacked. In many cases, the security of your whole company is at the mercy of the weakest link in your employee chain. It’s through their ignorance that they use passwords easily guessed or hacked. It’s their trust that makes them open those emails that claim to contain lost inheritance, sexy models, invoices from unknown customers and important advice from a trusted friend.

There are three major ways that you or your employees can seriously damage your business. The first is by activating a virus, ransomware or other damaging software on your computer network. This almost always happens through innocent, but careless, behavior in response to trickery by dark forces.

The second way an employee puts your company at risk is by using easy-to-guess passwords. This includes common passwords that every hacker knows (e.g., password123) and those that can be easily cracked. It also includes the majority of adults who have their passwords written on a piece of paper within three feet of their keyboard.

The third way is very scary. Your system can require the most advanced passwords on the planet and your employees can be great about memorizing them to maintain security, but they might have a hidden secret that can bring you down. Consider what we’ve seen in the major hacks including Yahoo, JP Morgan, eBay, Ashley Madison and Gawker. Hackers can sometimes break through digital security and download the whole account database and decode it at their leisure. How can the theft of someone else’s database put your company at risk? Because the secret your employee is hiding is that — like roughly 75 percent of the population — they use the same password for multiple accounts.

Why is using the same password for multiple accounts such a huge risk for your company? Because once a hacker cracks another company’s database, the password your employee used there might be the same that allows access into your company system.

Even Mark Zuckerberg learned the hard way when his “dadada” password was deciphered from among 6.5 million stolen LinkedIn accounts and then published online. People tried his password on other accounts and found out it was also used for his Pinterest, Twitter and Instagram accounts. Oops. Just imagine if that same password allowed access to his bank account or the secret Facebook strategic plan documents.

Take a major step toward locking your company’s cookie jar: sit your employees down and educate them on how hackers do their dirty work. Then teach your staff to develop complex passwords that are absolutely unique for every single account. The security of your company depends on it.