In last week’s QuickTip, we talked about PCI compliance and the importance of enacting more stringent security measures around credit card transactions. Guess what? Two days later, CNN Money reported that Trustwave examined 120 retailers nationwide and found that 90% of their credit card terminals were made by the same manufacturer — and all had the same default password. That makes it easy for hackers to target those machines and potentially install malware that could steal troves of consumer data.
Other than making you more aware of the massive gaps in today’s data security, this news should also hammer home how important password management is. Still using “password123” as your preferred login? Employ the same password for all of your online accounts? You’re precisely the kind of target that cybercriminals hope for when they launch their nefarious attacks.
Here are five recommended strategies for beefing up the protection of your passwords, which is a good first step on the path of comprehensive security for your entire IT environment:
1) Change your passwords! Some easy-to-use online crackers can decode any password with fewer than 7 characters in seconds. So creating strong and unique passwords that are at least eight characters long and mix upper- and lower-case numbers, letters, and symbols — think “P@ssw0rd#!23” instead of “password123” — are a necessity for online security.
2) Always take advantage of two-factor authentication. Two-factor authentication requires a standard password as well as a second unique code. This can be generated and sent directly to your mobile device via text message or voicemail; generated via phone swipe, fingerprint scan, or voice recognition; or confirmed by landline, LED screen, or even wearable technology. Nearly every major online service offers this option, so make sure to take advantage of it.
3) Use a password management tool deployed by a trusted IT partner. Password security isn’t just about keeping your personal data safe. Industry regulations like HIPAA, PCI, Sarbanes-Oxley, and FINRA require full password audit reports. And if you’ve ever had to let an employee go, you know how important instant lockout and access administration is. Free, consumer-grade password tools can only go so far to satisfy the unique requirements presented by the small and medium-sized business market. If you’re interested in password management as a service, CMIT Solutions can help.
4) Institute a regular assessment of your personal and business accounts — especially those you don’t use very often. Anytime there’s a major password hack, Facebook, Yahoo, Google, Twitter, and other popular services leap into action to protect their users. But the best kind of security is the proactive kind, so make a note to check your social media and email accounts periodically to ensure everything is in working order. If you only use Facebook, Twitter, or that old email account once a month, these are the easiest targets for hackers. Also, if any site has required you to reset a password recently, consider that another red flag and assess your other accounts.
5) Ensure that anti-virus software and security patches are up to date. Speaking of a proactive approach… Maintenance and monitoring services like CMIT Marathon come with built-in anti-virus, anti-malware, and anti-spyware software that can stop the kind of malicious password-hacking viruses in their tracks. That includes patches and fixes for Java, Adobe, Chrome, Firefox, Microsoft Office… Comprehensive security with multiple layers is possible — especially with an experienced IT provider on your side.
If you’re unsure about the security of your passwords — or overwhelmed by the idea of changing them all — contact CMIT Solutions today. We take online security very seriously, and we’re committed to improving productivity and efficiency so that you can achieve your business goals. If you want to make technology work for your business, not against it, we’re here to help.