With our business and personal lives becoming increasingly digital as a result of the pandemic, cybercrime is on the rise. Cybercriminals are capitalizing on our digital footprint, and passwords are the biggest target. In fact, according to a Verizon Breach Investigations Report, compromised passwords are responsible for more than 80 percent of digital data breaches, and are continually rising.
In honor of World Password Day, celebrated annually on the first Thursday in May, and in an effort to raise awareness of how to protect digital data, ICS President Kevin Blake shares best practices for protecting your personal and business information from online hackers.
Q&A WITH KEVIN BLAKE OF ICS:
Why is password security, and changing your password often, important for individuals and small businesses?
KB: It can be challenging to figure out when or if someone else hacked into your account. By changing your password regularly, you can reduce the risk of hackers gaining access to your accounts. Consider changing your password every two to three months to be on the safe side. It can be convenient to use the same password on every account, whether logging into your computer and network equipment or online social media accounts. However, it also means that if your password is compromised, the hacker could gain access to every account you have. Changing your passwords to something different and unique to each account will make it so that even if someone does guess one password, they cannot use it for anything else. Adding two-factor authentication to enable access to your applications can provide another layer of security to your access credentials.
What are some of the best practices to avoid unsafe passwords?
KB: There are a host of best practices:
- Create a strong password phrase
- Avoid bunching numbers and symbols together
- Steer clear of obvious passwords like “password123”
- Try not to make passwords so long that you won’t remember them
- Use different passwords for each individual account
- Do not use your network username as your password
- Do not choose passwords based upon details that may not be as confidential as you’d expect (such as birth date or phone number)
- Whatever you do, don’t store your list of passwords on your computer in plain text.
Hackers and phishers are taking advantage of the increased digital activity during COVID. What are some tips to avoid falling for password phishing scams? Are there any specific scams to look out for?
KB: Hackers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, bank account numbers, or Social Security numbers to try and steal as much personal information as possible.
Phishing emails and text messages may look like they’re from a company you know or trust like your bank, a credit card company, a social networking site, an online payment website or app, or an online store. Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment.
Phishing attempts might:
- Say they’ve noticed some suspicious activity or login attempts
- Claim there’s a problem with your account or your payment information
- Ask you to confirm some personal information
- Include a fake invoice and want you to click on a link to make a payment
- Say you’re eligible to register for a government refund
- Or offer a coupon for a free product or service
Do not under any circumstances divulge your personal information to anyone by email, phone call or text, without verifying the authenticity of the request.