You can’t turn on the TV, pick-up a newspaper, or read a social media post without stumbling across a story involving a data breach of some kind. The recent Ransomware attack that affected the NHS and thousands of other businesses is a case in point.
The sad state of affairs is that malicious attacks on computers, networks, and increasingly, mobile devices is becoming far too common an issue.
You may think that it is just big businesses that are being targeted, but a survey compiled for gov.uk showed that 45% of micro/small businesses (2-49 employees) and 66% of medium businesses (50-250 employees) identified cyber security breaches or attacks in the last 12 months. Over a third of those affected stated the breaches stopped staff carrying out their day-to-day work.
We cannot stress enough the importance of doing everything you can to prevent this from happening to your business. But, should the worst happen, we also encourage you to ensure you have adequate systems in place to restore any potential lost data.
So what can you do in order to help reduce the likelihood of an attack? (For this blog we are referring primarily to desktop and laptop computers, however most of the advice could also extend to mobiles and tablets).
Antivirus – at the very least you should have an antivirus product installed on your device. As for which product to use, there’s not really a right or wrong answer. There are a lot of free products available, but obviously their functionality can be somewhat limited. For our own customers we recommend Kaspersky as it covers everything well and doesn’t impact on a machine’s performance. Once antivirus is installed you need to ensure it is updated; new threats are being created all of the time and so it is imperative that the product is kept up-to-date in order to offer the best level of protection.
Program Updates – ensure you regularly update your programs when patches or fixes are released. Security issues are constantly being found in programs that we use every day. It is also worth making sure, if you are a Windows user, that Automatic Updates are turned on. This way if any vulnerabilities are found within the software, fixes are automatically applied.
Passwords – let’s face it, passwords can be a real pain, and unfortunately a lot of people are quite lazy when it comes to their creation. But you shouldn’t underestimate their importance. Incredibly ‘1234’, ‘password’ and ‘qwerty’ are always in the top 10 most used lists each year! Not only are people using weak passwords, they are also using those same weak passwords on more than one site! Think about that for a moment, we are constantly reading about different sites being hacked, so if you are using the same password across multiple sites it only takes one of those sites to be compromised to make your personal information potentially vulnerable.
Okay, so we need strong passwords but we also need a way of remembering those passwords. I have tried several different methods over the years, and the one that works well for me, and is consistently shown to be a highly secure method, is to use the characters from a sentence or “pass phrase”. For example, the sentence: “Integratech are SAP Business One specialists, and were founded in 2001” becomes “IaSAPB1s,&wfi2001”. That may look impossible to remember by the letters, numbers and symbols, but if you type them as you say the phrase (probably best to not do this out loud!) then eventually it becomes very easy. Try it with something more personal to you; base it on a team you support, a film or television programme you like or any sentence that you think will be memorable.
The trick then is to create these types of passwords for every site you use. Of course, this may become complicated as you try to remember a complex password on each site, but luckily help is at hand in the form of password managers. Password managers, such as LastPass, assist in generating, storing, and retrieving complex passwords from an encrypted database. You create one master password and then use the program to create individual passwords for all of the other sites you use.
Incidentally, if you want to see whether the types of passwords you are using are secure, you can check how strong they are by using Kaspersky’s Secure Password Check. For example, the phrase used: IaSAPB1S,&wfi2001 would take the average hacker over 17 years to crack using brute force. For an explanation of what that is we enlist the help of the good people at Wikipedia: “Brute force attacks work by calculating every possible combination that could make up a password and testing it to see if it is the correct password. As the password’s length increases, the amount of time, on average, to find the correct password increases exponentially. This means short passwords can usually be discovered quite quickly, but longer passwords may take decades.” Incidentally, if we added just one more character on to the 17 digit example given above, it would take over 400 years to brute force it! And, If we actually used the whole sentence – Integratech are SAP Business One specialists, and were founded in 2001 – as the password, it would take the current world’s fastest Super Computer over 1000 centuries to crack! So the longer the password the better!
Thanks for reading, we hope you found it useful. If you have any questions or concerns; or would like to discuss any of the points raised above, please call Integratech on 01905 758900 or email firstname.lastname@example.org.
Mike Cooper, Marketing Executive.
Please note these are only guidelines. Integratech cannot accept any liability should your data be compromised using a password that complies with the above advice.