By Darren Guccione
As cybercriminals become more sophisticated, they know that businesses with fewer IT resources often offer a better ROI, with fewer risks. In fact, small businesses increasingly face the same cybersecurity risks as larger companies, but many are unprepared to protect themselves.
We recently conducted a study with The Ponemon Institute that found that two in every three SMBs (67 percent) had experienced a cyberattack within the previous 12 months. Furthermore, almost half (47 percent) have no understanding of how to protect themselves, revealing a serious vulnerability for small businesses.
Unfortunately, the security industry often overlooks the small- and medium-sized businesses that make up the majority of our economy. And the issue is beginning to reach critical mass, as attacks like spear phishing, cryptojacking and credential stuffing grow more sophisticated, devastating and harder to detect. As of 2018, 60% of small- and medium-sized businesses that deal with a breach go out of business within six months of the attack, according to the National Cyber Security Alliance.
Given that more than 80 percent of breaches can be traced to stolen or weak passwords, for business owners, practicing good password hygiene is absolutely critical. If you don’t have the prevention piece right, detection and remediation don’t matter. It’s incumbent upon all of us to take the necessary measures to protect company and stakeholder information, and it starts with implementing strong password security and controls.
Luckily there are some quick and easy steps business owners can implement to improve cybersecurity and set an example for the whole business:
Train and Educate Employees
One of the most important components of a cybersecurity strategy is to set an example from the top and treat a cyberattack as a priority. By educating and training employees to understand the importance of cybersecurity and protective tactics, you can greatly improve your ability to protect the organization and avoid a data breach.
Create Strong & Unique Passwords
Passwords are the single easiest entry point you can protect. There are a few basics to keep in mind when creating passwords for personal and professional use. Length alone doesn’t make a password secure. To be secure, it should be both long and random – meaning it should contain a combination of upper- and lowercase letters, numbers and symbols. A password should be no less than 8 to 16 characters, and longer is generally better. Certain websites require a specific character length, so be cognizant of those requirements when creating passwords.
Never Reuse Passwords
Shockingly, nearly 2 out of 3 people (65%) STILL use the same password for multiple websites and applications. This is a common and very dangerous problem. Cybercriminals keep dictionary lists of the most commonly used passwords. They understand that if they are successful in breaching a single account, they will often be able to access multiple accounts for the same person due to the high frequency of password reuse. So, the more you reuse passwords, the easier it is for an attacker to gain access to every account that uses that same password.
Use a Password Manager
A password management application enables you to create unique, high-strength, randomly generated passwords for every website and application you use. You also don’t have to remember each individual password, just one master password. Password managers organize and maintain your passwords in a secure, encrypted digital vault. Not to be confused with authentication, which determines who can access information, encryption requires a cipher key derived from a strong and unique master password in order to decrypt the stored information. Decryption either works or it doesn’t: the key can’t be off by even a single bit, which makes the stored information resilient to a brute-force attack. Password managers also make you faster online by autofilling your login credentials for you. With a password manager, you can mandate the use of two-factor authentication for an added layer of security.
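As an added illustration of the vault model described above (example code written for this article, not Keeper’s or any other product’s implementation), the following stretches a master password into a key with PBKDF2 and seals a vault so that a password off by even one character yields nothing at all rather than garbled partial output. The cipher is a constructed HMAC-based stream cipher with an encrypt-then-MAC tag, chosen so the example runs on the Python standard library alone; a real vault would use AES-GCM or a similar authenticated cipher.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 200_000  # PBKDF2 work factor; a real vault tunes this higher


def derive_keys(master_password: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch the master password into an encryption key and a MAC key.

    The salt is stored with the vault, so the only secret is the password;
    the iteration count is what makes each brute-force guess expensive.
    """
    km = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                             salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Constructed counter-mode keystream from HMAC-SHA256 (stand-in for AES)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal_vault(master_password: str, plaintext: bytes) -> bytes:
    """Return salt || nonce || ciphertext || tag for the given vault contents."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(master_password, salt)
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + ciphertext + tag


def open_vault(master_password: str, blob: bytes) -> Optional[bytes]:
    """Decrypt the vault, or return None if the key (or the blob) is wrong."""
    salt, nonce, ciphertext, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(master_password, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # wrong master password: all-or-nothing, no partial plaintext
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


if __name__ == "__main__":
    vault = seal_vault("Tr0ub4dor&3-unique-master", b"example.com: s3cret-login")  # constructed sample
    print(open_vault("Tr0ub4dor&3-unique-master", vault))   # the secret
    print(open_vault("Tr0ub4dor&3-unique-masteR", vault))   # None
```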
If possible, enforce a password management policy and facilitate it by using a company-wide password manager. It’s one of the most potent and cost-effective solutions for securing and managing the passwords in your organization – this can prevent the most common cyberattack. Once you’ve nailed down the basics of password security and effective password management, you can layer in additional cybersecurity technologies.
Darren Guccione is the CEO & Co-Founder of Keeper Security, Inc.