Have you or people in your business been using the same passwords for years? Are they something really simple, easy to guess and slightly embarrassing, such as ‘Admin123’ or ‘Password’?
You may think that no one is going to guess or crack your passwords and hack into your account. Read on to find out how easy it is to crack passwords.
Recently, an array of password hacking, identity theft and cybercrime incidents across businesses in Australia have caught media attention, so it’s time for you and your team to become more aware of the dangers lurking throughout the world wide web.
This scary activity has come with a recommendation from IT experts to use passphrases instead of passwords. What are passphrases? Let’s find out.
What is a passphrase?
A passphrase is a sequence of words or other text used to control access to a computer system, program or data. It’s similar to a password in usage, but longer for added security.
Passwords and passphrases serve the same purpose. Passwords, however, are generally short, hard to remember and easy to crack. Passphrases, on the other hand, are easier to remember and type and are considerably more secure due to their length.
Why? Because IT experts are finding that more and more passwords with multiple symbols, numbers and letters are being breached more and more frequently. As a result, these types of passwords are in fact becoming irrelevant.
In addition, it seems that size does in fact matter and that the longer your password is, the less likely your security will be compromised.
Sophisticated bots on the rise
There has been a rise of sophisticated bots, such as ‘Brute Force’ (also known as the dictionary attack) over recent years. These bots can break into accounts without the need for a password. All these bots need is a username, and the time to try a random combination of passwords, for them to eventually crack the code and break through.
The shorter the password… The quicker the bot can hack.
In fact, according to IT experts, if your password is 7 characters, it can only take a hacker 0.29 milliseconds to hack your account, as opposed to 74 million years, for a 16-character password – Seriously!
Passphrases should have a minimum requirement of 16 characters. Increasing character length increases the total number of possible correct passwords. The longer a password is, the longer a Brute-Force program will take to guess the right one.
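As an added example (not part of the original article), this Python sketch checks a candidate against the 16-character minimum above and shows how the exhaustive-search space grows with length. The guess rate, the deny list and all function names are assumptions chosen for illustration.

```python
import math
import string

MIN_LENGTH = 16  # minimum passphrase length the article recommends
# Constructed deny list; the first two entries are the weak passwords the article names.
DENYLIST = {"admin123", "password", "letmein", "qwertyuiop"}
GUESSES_PER_SECOND = 1e10  # assumed attacker speed, not a figure from the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600
ALNUM = string.ascii_letters + string.digits


def alphabet_size(secret):
    """Size of the character pool an exhaustive search has to cover."""
    pools = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
    ]
    size = sum(n for chars, n in pools if any(c in chars for c in secret))
    if any(c not in ALNUM for c in secret):
        size += 33  # printable ASCII punctuation plus the space character
    return size


def keyspace_bits(secret):
    """log2 of the number of candidates of this length over that alphabet."""
    if not secret:
        return 0.0
    return len(secret) * math.log2(alphabet_size(secret))


def years_to_exhaust(secret, rate=GUESSES_PER_SECOND):
    """Worst-case exhaustive-search time; guessing known phrases is faster."""
    return 2 ** keyspace_bits(secret) / rate / SECONDS_PER_YEAR


def check_passphrase(secret):
    """Return the list of policy problems; an empty list means accepted."""
    problems = []
    if len(secret) < MIN_LENGTH:
        problems.append("shorter than 16 characters")
    if secret.lower() in DENYLIST:
        problems.append("on the deny list")
    return problems


if __name__ == "__main__":
    for candidate in ("Admin123", "quiet ferry maple"):  # constructed samples
        print(candidate, check_passphrase(candidate),
              f"{keyspace_bits(candidate):.1f} bits",
              f"{years_to_exhaust(candidate):.3g} years")
```

The estimate covers exhaustive search only, so the deny list check still matters for long but well-known phrases.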
How can this happen to your business?
If you’re thinking, “This won’t happen to my business”, think again.
Recently, it happened to a Perth accounting firm (Editor – no, it wasn’t proCFO). A hacker entered the email address in the company’s Mailchimp, and the Brute Force bot did its thing. As the password was only 7 characters long, the hacker was in in under a second. Mailchimp is an email automation system, so naturally, all the clients’ email addresses were right there and in under 5 minutes, the hacker had sent an email out to all of them containing ransomware (malicious software).
Another Perth business recently lost thousands of dollars, when a hacker got into their accounting system, sent out invoices with new bank account details, and had these invoices paid into their own account. Fortunately, the business had an excellent cyber insurance policy in place and was able to make a claim, but still, not a situation you want to find your business in.
How can you protect your business?
By using a passphrase of course!
Your passphrase could be your favourite quote, or something specific to your business that outsiders won’t know. It should be different for every single application used in your business too.
Here are some examples (don’t use these for your passphrase):
The bad news? Password hacking, identity theft and cyber crime incidents have become more common and are very difficult to stop.
The good news? Switching from passwords to passphrases will help secure your business and it doesn’t have to be complicated. It’s as simple as introducing the concept to your staff, choosing your passphrases and making the change.
The spiralling cost of cybercrime to Australian businesses has led the Australian Government to launch an assistance program that provides funding for a cyber security audit. Get in touch if you would like to know more about how you can access this program.
Need help with more than just the security of your business? At proCFO in Perth, we offer a range of services from Bookkeeping, Business Coaching and Taxation and Business Advisory.
Get in touch to find out how we can help today.