Now that we’ve looked at what the Dark Web is and how data can end up on it, let’s explore some of the simple steps you can take to ensure your business’ sensitive data doesn’t find its way into the hands of dark web criminals.
In April of this year, video conferencing platform “Zoom” suffered a data breach which led to the release of over half a million account logins onto the dark web. Events of this nature are often highly publicised, leading users to feel frustrated and angry at their details being compromised, and rightly so!
While you don’t want any of your accounts to be compromised, in some cases damage can be avoided by simply changing your account login details after becoming aware of the breach. However, this won’t be the end of the story if you and your staff routinely practice poor password hygiene…
Recycling is great…but not when it comes to passwords!
For every online profile you set up, you should configure a unique, complex and long password. Each password should bear no resemblance to that for any other account, and you should avoid using words, phrases or number/letter sequences that have any personal meaning to you.
Ensuring each password is unique is particularly important, as using identical or similar passwords for multiple accounts may allow hackers to wreak havoc across your digital estate using a technique known as ‘credential stuffing.’
What is Credential Stuffing?
Basically, it involves hackers either acquiring or buying a bundle of stolen account credentials and then trying each login on a number of other sites in the hope of gaining access. This technique succeeds because an estimated 73% of passwords are duplicated (according to Microsoft). Even if a user changes their password on the breached account, the stolen credentials may be the key to another account somewhere on the web.
Sometimes the hackers also take the stolen credentials and apply variations to them to gain access to other accounts.
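Credential stuffing has a recognisable shape in authentication logs: one source address trying many different usernames with only one or two attempts each, which is the opposite of a brute-force attack on a single account. The following detection logic is an added example, not code from the original article; the log format and the thresholds are assumptions, and the log lines are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from any real system): one line per login attempt.
SAMPLE_LOG = """\
2020-04-10T09:00:01Z ip=203.0.113.7 user=alice result=FAIL
2020-04-10T09:00:02Z ip=203.0.113.7 user=bob result=FAIL
2020-04-10T09:00:02Z ip=203.0.113.7 user=carol result=OK
2020-04-10T09:00:03Z ip=203.0.113.7 user=dave result=FAIL
2020-04-10T09:00:03Z ip=203.0.113.7 user=erin result=FAIL
2020-04-10T09:00:04Z ip=203.0.113.7 user=frank result=FAIL
2020-04-10T09:01:10Z ip=198.51.100.9 user=grace result=FAIL
2020-04-10T09:01:12Z ip=198.51.100.9 user=grace result=FAIL
2020-04-10T09:01:15Z ip=198.51.100.9 user=grace result=OK
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$")

def parse_log(text):
    """Yield (ip, user, result) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("ip"), m.group("user"), m.group("result")

def find_stuffing_sources(text, min_distinct_users=5, max_attempts_per_user=2.0):
    """Return {ip: stats} for sources whose pattern matches credential stuffing:
    one source trying MANY different usernames with only one or two attempts
    each (a brute force on a single account is the opposite shape)."""
    attempts = defaultdict(lambda: {"users": set(), "total": 0, "ok": set()})
    for ip, user, result in parse_log(text):
        a = attempts[ip]
        a["users"].add(user)
        a["total"] += 1
        if result == "OK":
            a["ok"].add(user)
    flagged = {}
    for ip, a in attempts.items():
        distinct = len(a["users"])
        if distinct >= min_distinct_users and a["total"] / distinct <= max_attempts_per_user:
            flagged[ip] = {
                "distinct_users": distinct,
                "attempts": a["total"],
                # accounts that accepted a stuffed credential: reset these first
                "compromised": sorted(a["ok"]),
            }
    return flagged
```

The "compromised" list is the actionable output: those users reused a password that was already leaked elsewhere, so a forced reset on the breached site alone would not have protected them.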
Password practice – 15 ways to keep your accounts secure
We’ve outlined the importance of long, complex and unique passwords, but what else can you do to keep your account impenetrable?
Use password encryption
Non-reversible (one-way) encryption of stored passwords, combined with end-to-end encryption of passwords in transit, adds an extra layer of protection: should a data breach occur, the attacker obtains values from which the original passwords cannot be recovered.
Deploy multi-factor authentication
Multi-factor authentication requires one or more additional criteria to be met in addition to a correct username/password combination. This additional piece of information could be:
- Something only the authorised user would know. A PIN, the answer to a security question, etc.
- Something only the authorised user would possess. This might involve sending a code via text message to the user’s smartphone to verify identity.
- Biometric data. Facial recognition, fingerprint or voice recognition data.
Multi-factor authentication is now widely available, and you may be able to activate it within the apps and services you already use.
Password testing tools are available online to help you determine the strength of your account passwords. Microsoft’s Safety & Security Center also contains such a tool.
Avoid Dictionary words
“Dictionary Attacks” involve the use of software programs which cycle through tens of thousands of dictionary words in the hope of finding a match. Sometimes additional characters are added to common words too, so to stay safe it’s best to avoid dictionary words altogether.
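A password policy can reject dictionary-based choices before an attacker ever gets to try them, including the "added characters" variants the paragraph mentions. The checker below is an added example, not the article's own tool; the embedded wordlist is a constructed stand-in for a full dictionary, and the leetspeak mapping and 12-character minimum are assumptions.

```python
import re

# Constructed mini wordlist for the example; a real check would load a full dictionary.
WORDLIST = {"password", "summer", "welcome", "dragon", "monkey", "london", "company"}

# Common substitutions that cracking tools already try, so they add no real strength.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def normalise(password: str) -> str:
    """Undo the cheap tricks: case, leading/trailing digits or symbols, then leetspeak."""
    core = password.lower()
    core = re.sub(r"[^a-z]+$", "", core)   # strip "123", "!", "2020" style suffixes
    core = re.sub(r"^[^a-z]+", "", core)   # and leading ones
    return core.translate(LEET)

def is_dictionary_based(password: str, wordlist=WORDLIST, min_word_len: int = 4) -> bool:
    """True if the normalised password is, or contains, a dictionary word."""
    core = normalise(password)
    if core in wordlist:
        return True
    # also catch "summerlondon" / "welcome2020dragon": any long-enough entry embedded in the core
    return any(len(w) >= min_word_len and w in core for w in wordlist)

def check_password(password: str, min_length: int = 12) -> list:
    """Return the reasons a password should be rejected (empty list = acceptable)."""
    reasons = []
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    if is_dictionary_based(password):
        reasons.append("based on a dictionary word")
    return reasons
```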
Keep mobile devices secure
With mobile devices increasingly being used for business purposes, device security has never been more vital. A lost or stolen device can easily be compromised unless strong access controls are implemented. Secure all portable devices with PIN/password protection as well as fingerprint or facial recognition controls where available.
Don’t ask employees to change passwords frequently
While this may seem counterintuitive, requiring users to change passwords regularly has been shown to increase the likelihood of password duplication. There is also an increased chance of passwords being written down. Only request that users change passwords when a threat to account integrity is uncovered.
Apply special protections to “Privileged Accounts”
Consider using privileged access management (PAM) software to apply extra safeguards to privileged accounts, which are prized targets for cybercriminals. Unlike general user accounts, privileged account credentials should be changed on a regular basis.
Be mindful of the information you put online
Phishing scammers often use publicly available information in order to steal account information. They may use the information you make public via social media or even your business’ website in order to impersonate trusted individuals with close links to your business.
Don’t manually record passwords
Recording account credentials on paper or digitally is a risky business. Such records could end up getting lost or stolen and could give criminals widespread access to your sensitive data across multiple accounts.
Guard against malware!
Your password management efforts will be for nothing if malware present on your system allows hackers to record your every keystroke. Deploy technical measures to scan for and deal with malware, such as anti-virus software and vulnerability scans. Ensure software and operating systems are well maintained to minimise points of entry for hackers.
Use a Password manager
Password managers allow you to safely and securely store all your account passwords in one place behind a wall of encryption. Password managers can also generate and store long, random passwords for you, so each account gets a unique credential you never have to memorise.
Just make sure that you set up a strong master password!
Struggling to find a solution that fits around your business?
At Cloudscape, we use our extensive experience to deliver custom-fit technology solutions to SMEs in London and the home counties. Technology should serve your business’ aims and aspirations, it shouldn’t be something to mould your operation around. We are experts in Cloud-computing and we know how empowering Cloud Services can be when leveraged correctly, so let us help you tailor Office 365 so that it works for your business and the unique challenges you face. Call us on 0207 952 8123 or send us an email firstname.lastname@example.org.