Preventing Cyber Attacks Part 1: Password Do’s and Don’ts
Posted on: November 13, 2017 by Signature Insurance Group
This is the first installment in our new blog series that aims to help your business prevent cyber attacks. We all know how devastating these attacks can be, with cost estimates ranging in the hundreds of billions of dollars globally every year. No business is safe—cyber attackers target everyone from small businesses to the world’s largest corporations. This blog series will review some easy and cost-effective ways to help reduce the risk of cyber attacks on your business, including the importance of cyber liability insurance.
One of the most common forms of cyber attack is password cracking. Criminals today have access to software that rapidly and methodically generates password guesses based on common password patterns. A criminal can run this software for days or weeks on end, going about his or her normal life until eureka!—the software finally breaches a weak password.
To help prevent this type of cyber attack, we recommend the following Password Do’s & Don’ts. Share this list with all of your employees to ensure your entire team is part of your cyber security strategy.
- Do change passwords regularly (ideally every quarter) and employ automatic password expiration
- Do require a combination of lower and upper case letters, numbers, and punctuation
- Do require a length of at least 12 characters
- Do be thoughtful when choosing answers for security questions—many answers can be easily found on social media profiles or public records
- Do keep your antivirus software up to date to avoid “password capturing” in which malware tracks your keyboard input to discover passwords
- Do set a log-in attempt limit—after three to five attempts, the account is temporarily locked
- Do set up rigorous verification for lost password claims—like the answers to security questions, you don’t want verification to involve easily obtained information
- Don’t save passwords on a computer—instead use password manager software
- Don’t leave admin password defaults—it’s still too common to have the password left as “password”
- Don’t use the same passwords for multiple accounts—this includes encouraging employees to not use passwords they use on personal accounts
- Don’t use dictionary words—these are the easiest for hacker software to crack
- Don’t replace letters with obvious symbols, e.g., ! or 1 for I, $ for S—hacker software accounts for these obvious alternatives
- Don’t log in to unsecured Wi-Fi networks, such as those at coffee shops or airports
- Most importantly, don’t forget to review your cyber liability policy. These password tips can help minimize but can never eliminate the risk of a costly cyber attack. Cyber liability insurance is designed to keep your business afloat as you face the costs associated with the fallout of a cyber attack. Having cyber liability insurance can save a business that would otherwise fail in the face of the enormous expense of recovery.
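The length, character-mix, dictionary-word, symbol-substitution and reuse rules from the list above can be enforced automatically when a password is set. The following is an added example, not part of the original post: the wordlist is a small constructed sample, the function and rule names are hypothetical, and the substitutions beyond "! or 1 for I, $ for S" are assumed extras.

```python
import re

MIN_LENGTH = 12  # "at least 12 characters" from the list above

# Constructed sample wordlist; a real deployment would load a large dictionary
# plus known default and breached passwords.
COMMON_WORDS = {"password", "welcome", "summer", "admin", "dragon", "signature"}

# Undo the obvious swaps the post names (! or 1 for I, $ for S).
# The remaining entries (@, 0, 3, 5) are assumed common extras, not from the post.
SUBSTITUTIONS = str.maketrans(
    {"!": "i", "1": "i", "$": "s", "@": "a", "0": "o", "3": "e", "5": "s"}
)

# One regex per required character class.
REQUIRED_CLASSES = {
    "lowercase": r"[a-z]",
    "uppercase": r"[A-Z]",
    "digit": r"[0-9]",
    "punctuation": r"[^A-Za-z0-9\s]",
}


def check_password(candidate, previous=()):
    """Return a list of violated rules; an empty list means the password passes."""
    problems = []

    if len(candidate) < MIN_LENGTH:
        problems.append("too_short")

    for name, pattern in REQUIRED_CLASSES.items():
        if not re.search(pattern, candidate):
            problems.append("missing_" + name)

    # Reverse the symbol swaps, then drop everything that is not a letter, so
    # "P@$$w0rd2017!!" is examined the way guessing software would examine it.
    normalized = candidate.lower().translate(SUBSTITUTIONS)
    letters_only = re.sub(r"[^a-z]", "", normalized)
    if any(word in letters_only for word in COMMON_WORDS):
        problems.append("dictionary_word")

    # Reject a password already used on another account or in an earlier cycle.
    if candidate in previous:
        problems.append("reused")

    return problems


if __name__ == "__main__":
    for sample in ("password", "P@$$w0rd2017!!", "tR7#kq9Vz!mLw2"):
        print(sample, "->", check_password(sample) or "ok")
```

Note that the second sample meets the length and character-mix rules and is still rejected, because undoing the symbol swaps exposes the dictionary word underneath.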
Finally, Do stay tuned for the rest of our series for more tips on how to help prevent cyber attacks. Next time, we will cover how to train employees in essential cyber security protocols.
About Signature Insurance Group
Signature Insurance Group has been working since 1969 to provide comprehensive insurance solutions to individuals and businesses across the United States. We offer a range of insurance products and services in risk management, employee benefits, business insurance, and personal insurance, and we pride ourselves on our commitment to creating “Signature Relationships” with our clients where we commit to providing the best, most comprehensive service possible. To learn more about our goods and services, contact us today at (800) 464-3606.