
The purpose of a password is to protect sensitive data from unauthorised access.

For a long time, to keep up this protective layer, we have advocated that employees create ever more complex passwords and change them even more often.

This is now wrong! What’s the point of a password system if it makes employees’ lives even more complex and doesn’t even properly provide protection any more? Most current password practices were designed for a different age and are no longer fit for purpose. One enormous lesson that the COVID pandemic has taught us is that the work environment is now totally different:

  1. Systems and data only used to be accessible in a single office, on a single device, on a single network, where we could easily identify the trusted people.
    1. Now, many (unseen) people can work on many (known and unknown) devices on many networks on many different systems at many locations – How do you know what to trust?
  2. Cybercrime is now super-industrialised which means old defences are easily and cheaply beaten. Bad actors can easily be profitable targeting individuals, let alone small businesses.
    1. Attacks will happen – so you need to contain and limit the spread and damage that will occur.

However, Human Nature is unchanged:

The more rules, complexities and changes you introduce, the more people will try to find an easy way around them.

  • Use the same passwords for every system – once known, access everything!
  • Predictable changes in passwords (e.g. !Password1 just changes to !Password2, etc.)
  • Use the same special characters all the time (“!” at start / end, “$” for “s”, “@” for “a”, “1” for “l”, etc.)
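An added example (not part of the original article) of a check that a password-change form or a password-manager audit could run to catch the three workarounds listed above. The function names and the sample vault are constructed for illustration.

```python
import re
from collections import defaultdict

# Character swaps named in the list above: "$" for "s", "@" for "a", "1" for "l".
SWAPS = str.maketrans({"$": "s", "@": "a", "1": "l"})

def skeleton(password: str) -> str:
    """Reduce a password to the base word a person actually memorised."""
    p = password.lower()
    # Drop "!" and counter digits stuck on the start or end (!Password1 -> password).
    p = re.sub(r"^[!\d]+|[!\d]+$", "", p)
    # Undo the habitual character swaps (p@$$word -> password).
    return p.translate(SWAPS)

def is_predictable_change(old: str, new: str) -> bool:
    """True when the new password is the old one with cosmetic edits only."""
    base = skeleton(new)
    return bool(base) and base == skeleton(old)

def audit_vault(entries: dict[str, str]) -> list[list[str]]:
    """Group systems whose passwords share one skeleton (reuse or near-reuse)."""
    groups = defaultdict(list)
    for system, password in entries.items():
        groups[skeleton(password)].append(system)
    return sorted(sorted(g) for base, g in groups.items() if base and len(g) > 1)

# Constructed sample data, not real credentials.
SAMPLE_VAULT = {
    "email": "!Password1",
    "payroll": "P@$$word!",
    "crm": "!Password2",
    "vpn": "yellow submarine sky",
}

if __name__ == "__main__":
    print(is_predictable_change("!Password1", "!Password2"))
    print(audit_vault(SAMPLE_VAULT))
```

The comparison needs the old password in clear text, which is only available at the moment the user types it into the change form; the audit is meant to run locally inside the password manager.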

 

The new Best Practice Password System:

  1. Introduce 2-Factor Authentication for all systems (e.g. a separate notification on your smartphone to make sure it’s you).
  2. Passwords should be a small phrase (not a single word) that contains no personal information and is easy to remember – e.g. the first few words of your favourite song.
  3. Use a password management system so you can easily have different passwords for every system and not have to remember them.
  4. Introduce risk-based protection / analysis
    1. Automatically Report / Block any logins from locations you will never travel to.
    2. Automatically Restrict what unknown devices can do with your data – e.g. if it’s unmanaged, don’t allow edits / downloads, etc.

If you do this, then:

  1. Passwords can stay small – around 8 characters in length
  2. Passwords rarely need changing at all (every 12 months or only if a breach is suspected)

Even better, with the right computer equipment, you can now even get rid of passwords altogether when using a trusted device. Your employees will really appreciate the difference and your security will now actually work!

If you need help, feel free to give us a call; we’re happy to lend our expertise to your organisation.

 

Are your Business Passwords Already Up for Sale?

Over the past 12 months, I have personally spoken with over 100 Australian business owners, and found that a whopping 42% have had at least 1 Ransomware Attack or Data Breach.

I am sure you’d agree – that is just shocking. Stop tolerating….

How is this happening?

Employees, left to their own devices, don’t know how to manage passwords. This results in their passwords being easily hacked and sold on the dark web, leaving your business an easy target for ransomware / data breaches.

Another independent survey* showed:

  • 60% of employees use their business accounts (often their email address) and the same passwords for everything (including for personal purposes).
  • 81% of data breaches are due to weak, default or stolen passwords
  • Worse yet, the passwords were the same as on the survey conducted last year!
  • Is your password on this list below? (link to post

Note: Criminals read the same surveys.

Once a username and password is known it is extremely valuable and likely to be useful for some time…

But what if the breach has already happened?

How would you know? What user accounts and passwords are already compromised?

Sensible Business Solutions today launches a brand new Dark Web Search service that continuously monitors the dark web for user names and passwords that are currently offered for sale and how the breach occurred.


Call me: Kevin Spanner at Sensible to find out more on 1300-SENSIBLE (736-742)


* Survey By Keeper Security

*Not familiar with the term “Dark Web”?

There is a large portion of the internet that is not indexed by search engines like Google. This is the “Deep Web.”

The US Government created this more secure (and usually encrypted) area of the Internet. It quickly became a preferred communication channel for privacy-conscious individuals, organisations and governments to share data, without detection.

However, criminal organisations now use the deep web as a platform. The term “Dark Web” describes the pockets of the deep web that are used to buy, trade and exploit illegal items (AKA Silk Road, etc.) and illegally acquired data (credit cards, passwords, etc.).

Sensible Business Solutions © 2021 All Right Reserved