What may start as a simple boredom buster could be making your personal information readily available to cybercriminals.
We've all seen them around: lighthearted social media quizzes asking about your favourite colour, your first pet's name, what your favourite car is, etc.
At face value, these quizzes are seemingly harmless - a way of engaging on online platforms with friends and family. Unfortunately, as it goes with "once on the internet, forever on the internet", these quizzes are also potentially giving cybercriminals access to your various online accounts through your passwords and security questions.
If you think about your internet banking, for example, most banks will not let you reset a forgotten password without answering a 'secret question'. How many questions from the below quiz example do you recognise from setting up access to different online accounts?
While we would like to think something as simple as not engaging with these quizzes online may be common sense, unfortunately, vulnerable and unsuspecting social media users continue to be caught out.
With the Australian Government warning all businesses and individuals to enhance their cyber security as a matter of priority, we'd like to take this opportunity to offer a refresher on how to set a strong password.
How to Protect Your Online Accounts with Strong Passwords
The Australian Cyber Security Centre (ACSC) gives the following advice for creating strong passwords and protecting our systems:
- Regularly reset your passwords to reduce the ongoing risk of credential compromises.
- Consider increasing your password length and complexity.
- If you think your credentials have been compromised, reset all passwords as soon as possible.
- Stop reusing the same password across critical services such as banking and social media sites, or sharing passwords for a critical service with a non-critical service.
- Use passphrases that are not based on simple dictionary words or a combination of personal information, as this reduces the risk of password guessing and simple brute-forcing.
- Ensure new passwords do not follow a recognisable pattern, as this reduces the risk of intelligent brute-forcing based on previously stolen credentials.
The Basics of Creating a Secure Password
In previous articles, we have discussed the fundamentals of how to create a secure password. Let's touch on them again below.
1. The longer the better: At a minimum, you should have 8 characters in your password or passphrase; however, we recommend 12 or more.
2. Complexity: Adding numbers and characters greatly increases the strength of a password, as does a combination of lower and upper case letters.
3. Avoid repetition: Try to avoid creating a complex password, then incrementing it by one character each time you’re asked to change it. And remember - it is essential not to use the same password across multiple devices and systems. This is where the use of a password manager program can come in handy.
And a few things to remember NOT to do...
- Use pet names, birthdays, family or friends’ names, favourite food or songs, etc. in your passwords.
- Use a predictable combination of words e.g. 'ilovesurfing', context-specific words e.g. 'mygoogleaccount' or repeated sequential characters e.g. 'QWERTY' or '123456'.
- Share passwords with others, even with friends.
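The basics and the "NOT to do" list above can be checked automatically. The script below is an added example, not part of the original article or an ACSC tool; the function names, the problem labels and the sample quiz answers are assumptions made for illustration.

```python
import re

# Rows a password should not walk along (keyboard rows, digits, alphabet).
RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "0123456789",
        "abcdefghijklmnopqrstuvwxyz"]
# Common symbol-for-letter swaps, undone before looking for personal words.
UNSWAP = str.maketrans("01345@$!", "oieasasi")

def has_run(password, length=4):
    """True if any `length` consecutive characters follow a row in RUNS."""
    pw = password.lower()
    for i in range(len(pw) - length + 1):
        chunk = pw[i:i + length]
        if any(chunk in row or chunk in row[::-1] for row in RUNS):
            return True
    return False

def _stem(text):
    """Drop trailing digits so 'Example1' and 'Example2' compare equal."""
    return re.sub(r"\d+$", "", text).lower()

def review_password(password, personal_words=(), previous=None):
    """Return the list of problems found; an empty list means none found."""
    problems = []
    if len(password) < 8:
        problems.append("too_short")      # below the 8-character minimum
    elif len(password) < 12:
        problems.append("under_12")       # below the recommended 12
    plain = password.lower().translate(UNSWAP)
    for word in personal_words:
        if len(word) >= 3 and word.lower() in plain:
            problems.append("personal:" + word)
    if has_run(password):
        problems.append("keyboard_or_sequence")
    if previous is not None and _stem(password) == _stem(previous):
        problems.append("increment_of_previous")
    return problems

# Constructed sample quiz answers (first pet, favourite colour, favourite car).
QUIZ_ANSWERS = ["Biscuit", "blue", "Mustang"]

if __name__ == "__main__":
    for candidate in ["B1scuit2024", "qwerty123456", "Harbour7Lantern"]:
        print(candidate, review_password(candidate, QUIZ_ANSWERS))
```

An empty result only means none of these particular checks fired; it does not show that a password is unique across your accounts.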
Educate your Employees on the Importance of Passwords at Work
Good password hygiene is important for both personal and work accounts. The ACSC recommends prevention techniques such as clearly documenting cybersecurity policies and cyber security awareness training for all employees.
The purpose of Cyber Security Awareness Training is to educate staff about cyber threats and attacks they may be subjected to each day, including the importance of good password hygiene.
Cyber security awareness training also ensures that you and your employees understand the part everyone must play in protecting your organisation's and clients’ data.
How can Diamond IT support your Cyber Security Strategy?
If you want to educate your employees on how to create and maintain secure passwords, our staff education programs and policy and procedure reviews can help.
The Diamond IT team specialise in reviewing cyber security strategies to ensure they are fit-for-purpose, align with government recommendations, and include the necessary defences required to best protect your business from malicious threats. We provide a wide range of support, including:
- Cyber Security Awareness Training
- Cyber and Data Breach consulting and forensic analysis
- Disaster Recovery (DR) planning
If you need advice on how you can ensure your cybersecurity strategy is fit for purpose, our team of Cyber Security experts are ready to help. Contact our team on 1300 307 907 today.