Adam Eaton: Password Security
I have no doubt you have heard of and visited the site www.ncsc.gov.uk to read up about the latest in cyber crime. However, in case you are not aware of who the National Cyber Security Centre is, the NCSC was set up to:
- understand cyber security, and distil this knowledge into practical guidance to be made available to all
- respond to cyber security incidents to reduce the harm they cause to organisations and the wider UK
- use industry and academic expertise to nurture the UK’s cyber security capability
- reduce risks to the UK by securing public and private sector networks
In a previous role our CTO was often called upon to provide input to working groups, which makes me feel comfortable that this government body is actually listening to and asking about what is going on in the real world.
This blog is the result of watching a segment on the BBC one Sunday morning discussing a new password report that has been published ahead of NCSC’s CYBERUK 2019 in Glasgow (https://bit.ly/2XyUiqS). Two things really surprised me whilst watching the segment:
- this report has hardly had a mention since the early Sunday morning slot on the BBC
- the statistics are astounding
To give you an idea, the headline statistics of this report are:
- Breach analysis finds 23.2 million victim accounts worldwide used 123456 as password
- 10 of the most commonly used passwords are:
- Only 15% of people say they know a great deal about how to protect themselves from harmful activity
- Less than half do not always use a strong, separate password for their main email account
At Nimoveri we provide IT services to SMEs and have seen first-hand the damage that can result from a weak password. One customer was infected with a crypto locker virus as a hacker was able to exploit a weak password to get on to the network. Another customer lost more than £27,000 in a phishing scam after the CEO’s email account was compromised. As someone who has been in IT for many years I believe I am relatively IT savvy, but having seen the phishing email chain from another of my customers, where the CFO was requesting that a sizeable sum of money be transferred, I genuinely couldn’t tell that it was a scam; the email looked genuine.
Yet the solution can be relatively simple. Follow these simple steps and you will dramatically increase your personal security and that of your business:
- Implement a password policy that enforces 30-day changes
- Use a phrase you’ll remember, replace letters with numbers and symbols and you’ll have a strong password that is difficult for hackers to break
- Use a random password generator such as passwordsgenerator.net
- Check your email address on https://haveibeenpwned.com/ to see if it has been compromised and, if it has, change your password
- Enable multi-factor authentication to increase security
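A random password can also be generated locally rather than on a website. The following Python example is added here and is not part of the original post; it uses the standard `secrets` module, and the function names, symbol set, minimum length and blocklist are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumed character classes; the symbol set is an illustrative choice.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*-_=+?")
ALPHABET = "".join(CLASSES)

# Constructed blocklist: "123456" is the password cited in the statistics
# above, the other entries are sample values for this example.
BLOCKLIST = {"123456", "password", "qwerty"}


def weaknesses(password, min_length=12):
    """Return the reasons a password fails the (assumed) local policy."""
    problems = []
    if password.lower() in BLOCKLIST:
        problems.append("on the common-password blocklist")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    names = ("lowercase", "uppercase", "digit", "symbol")
    for name, chars in zip(names, CLASSES):
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    return problems


def generate_password(length=16):
    """Draw characters from the OS CSPRNG until every class is present."""
    if length < 12:
        raise ValueError("length must be at least 12")
    while True:
        # Rejection sampling: redraw the whole password instead of patching
        # it, so every acceptable password stays equally likely.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses(candidate, min_length=length):
            return candidate


def entropy_bits(length=16):
    """Upper bound on entropy in bits for a uniformly random password."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    print(generate_password(), f"(~{entropy_bits():.0f} bits)")
    print("123456 ->", weaknesses("123456"))
```

Store the generated value in a password manager; it is not meant to be memorised.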
Adam Eaton is Managing Director and owner of Nimoveri IT and Cloud Services, an independent business delivering high value IT outsourcing services as a SightCare Preferred Supplier. Adam believes in delivering excellent customer service by spending the time working with clients to understand their expectations and then to exceed them.