When a large corporation or government agency falls prey to hackers, the incident attracts a lot of negative press coverage due to the leak of private customer data or because important national security information may be compromised. Media coverage can leave the impression that only larger organizations are hacker targets. But small businesses, including solo shops or service organizations run by the self-employed, are also frequently targeted by hackers.
Hackers view smaller enterprises as easy targets because cybercrime directed at this sector tends to attract less law enforcement attention. Hackers also assume they’ll encounter less sophisticated security measures when they focus on small businesses or solo operations, which, unlike their larger counterparts, generally don’t employ full-time security specialists.
One way cyber criminals gain access to confidential business information at smaller organizations is to use default passwords for remote access system entry points, e.g., “password” used as a password. After gaining access, hackers can install keylogger malware to collect every keystroke subsequently entered into the system, using the passwords and account numbers they gather to gain access to bank accounts and other highly sensitive information.
Changing default passwords is an easy fix to address this risk, but a password alone won’t keep data safe. Password strength matters too. Weak passwords are another way hackers gain access to small business data. Many small business employees use easy-to-guess passwords, such as all-lowercase words that appear in the dictionary, which are easy for hackers to crack.
Business owners’ or employees’ publicly available social media pages are another way hackers gain clues to guess passwords, since pages like Facebook often contain names or numbers people use as passwords (birthdays, sports teams, pet names, children’s names, etc.). Social media data can also be mined to hijack accounts by changing passwords. Some sites only require users to answer a default security question when changing a password at the login page, and the answers to questions like the name of the city where the user was born, mother’s original last name, etc., are often easy to find on Facebook.
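A small business can screen proposed passwords against the three weaknesses described above: default passwords, single dictionary words, and details visible on public social media pages. The following is an added example, not code from the article or from any product it mentions; the word lists, profile names, birthday and function names are constructed assumptions.

```python
from datetime import date

# Constructed sample data for illustration, not taken from the article.
DEFAULT_PASSWORDS = {"password", "admin", "changeme", "letmein"}
DICTIONARY = {"football", "sunshine", "dragon", "monkey", "welcome"}


def birthday_tokens(d):
    """Digit strings people commonly derive from a date of birth."""
    dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year:04d}"
    yy = yyyy[2:]
    return {yyyy, mm + dd, dd + mm, mm + dd + yy, dd + mm + yy,
            mm + dd + yyyy, dd + mm + yyyy, yyyy + mm + dd}


def profile_tokens(names, birthdays):
    """Lowercased names (3+ chars) and date variants visible on a public profile."""
    tokens = {n.lower() for name in names for n in name.split() if len(n) >= 3}
    for d in birthdays:
        tokens |= birthday_tokens(d)
    return tokens


def audit_password(password, tokens):
    """Return a list of findings; an empty list means none of these checks fired."""
    findings = []
    lowered = password.lower()
    if lowered in DEFAULT_PASSWORDS:
        findings.append("default password")
    if password.isalpha() and lowered in DICTIONARY:
        findings.append("single dictionary word")
    # Case-insensitive substring match against names and date variants.
    hits = sorted(t for t in tokens if t in lowered)
    if hits:
        findings.append("contains public profile data: " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    # Constructed profile: pet, team and child names plus one birthday.
    tokens = profile_tokens(["Rex", "Rovers FC", "Emma"], [date(1984, 7, 4)])
    for candidate in ["password", "football", "Rex1984", "emma0704!", "Iwtbotiwtwot"]:
        print(candidate, "->", audit_password(candidate, tokens) or "no findings")
```

An empty result only means these three checks did not fire; it is not a measure of overall password strength.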
The trick is to make passwords easy to remember, but hard to guess. Passwords should never be a single word that appears in the dictionary, and it’s best to use passwords that contain both upper and lowercase letters as well as numbers or symbols. But this makes them more difficult to recall for legitimate users. There are tips that can help users create and more easily remember stronger passwords:
- Use numbers or symbols that resemble letters in passwords, e.g., use “F00tb@11” (with zeros and ones replacing the letters “O” and “L” and “@” for “A”) instead of “Football.”
- Transform a sentence into a password by using the first letter of each word, e.g., “It was the best of times, it was the worst of times” converts to “Iwtbotiwtwot.”
Simple tips like these can make easy passwords difficult to crack, but small business leaders and self-employed solo operators are still faced with the need to frequently change passwords. Password management software is one way to address that challenge.
With password management software, users can gain access to virtually all password-protected applications by using just one simple, secure password. Password management software, such as RoboForm from Siber Systems, can improve password security by enabling small companies to strengthen and frequently change passwords while eliminating the challenge of having to remember multiple passwords. Users can achieve Single Sign-On (SSO) simplicity without the cost and complexity associated with multiple helpdesk calls and password reset requests.
Self-employed small business leaders and solo operators should not assume that their company won’t be targeted by hackers due to its size: Many hackers worldwide specialize in breaching data security in the small business sector to steal valuable intellectual property and sell sensitive account information. Changing default system passwords is a must, and making it a policy to create and frequently change strong passwords is a good data protection approach. Whether they use tips to create easy-to-remember, difficult-to-crack passwords or a secure password management solution, small business leaders need to create a sound strategy to thwart hackers.
Bill Carey is Vice President of Marketing & Business Development at Siber Systems Inc., which offers the top-rated RoboForm Password Manager solution.