Posted on Thursday, June 06, 2019 in CybersecurityBlog written by Rob Swenson
Data breaches that leak other people’s information have become painfully common. No individual or organization is immune from the potential impact. Not even people who work for companies that specialize in cybersecurity.
The possible impact of data breaches can be substantially reduced, however.
One of the most effective and simple steps is to use a different password for every computer account, according to Chad Pew, manager of information technology at SDN Communications in Sioux Falls. In addition, people should change all of their passwords regularly, he said.
“I preach to our group to not use the same password. Use a different password for each site that you use on the internet,” Pew said.
Using a single password for multiple sites is dangerous if information for one destination gets leaked somewhere, other accounts become vulnerable, he said.
The hacking culture is so pervasive. Professional and wannabe hackers have their own online shopping sites to buy tools and even targets. A high degree of protection is necessary.
ALERT AND PROTECT
SDN took a cautionary step in recent months that helps illustrate a challenge that businesses are up against.
SDN subscribed to SpyCloud, a service that scans the Dark Web to see what information about company-owned domains is available for sale. Pew wasn’t surprised by the scan's results, but I was. Password information was available for sale for 77 employee email addresses. That’s more than half the company’s current workforce of about 140 people.
The information on the Dark Web wasn’t all up to date, however. Some of the email addresses belonged to employees who had been gone for years and it's likely many of the passwords have been changed.
Nevertheless, Pew reached out to employees still with the company and reminded them to change their passwords.
In addition to using a different password for each online account, he suggests creating passwords that are complex and include random characters – including numbers, symbols and both upper- and lower-case letters. He does not favor using words found in a dictionary.
Pew is also a fan of password management tools, such as KeePass, Dash Lane, Last Pass, and 1Password. Such management services encrypt and store passwords so that a user only has to remember one password. Such tools also can create randomly generated passwords.
Pew also urges people to use two-factor authentication, whenever possible, to access their accounts. This makes hacking more difficult.
Increasingly, however, hackers are finding ways to defeat two-step identification. Pew is now considering adding an additional tool at SDN – the YubiKey, a device similar to a memory stick. After it’s registered, users insert the YubiKey into a computer USB port and tap to complete the authentication process. A similar device allows users to tap it against their phones for authentication.
Pew expects such verification tools to be increasingly popular.
CYBER & IDENTITY CRIMINALS NOT BACKING OFF
Pew also can vouch firsthand for the importance of guarding personal information. Last Christmas season, his identity got stolen. Someone created an account in his name, ordered five new iPhones and had them delivered to Pews’ home. Pew wasn’t at home when a delivery service dropped the package off, but his wife was. This probably disrupted the scheme.
Pew and the police theorized that the online buyer planned to steal the package before he realized the phones had been purchased. But thanks to his wife being home, Pew was able to return the phones at no cost. He also opened a fraud case and froze his credit to prevent other criminal shenanigans.
Unfortunately, data breaches and identity theft have become common across the United States. And there's no sign the bad guys will slow their activities. Businesses and individuals should take precautions to reduce their chances of being victimized.
SDN Communications is a regional leader in providing broadband connectivity and cybersecurity services to businesses in communities such as Sioux Falls, Rapid City, Worthington, and the surrounding areas.
Download SDN’s three cybersecurity posters, including one on protecting passwords, to help raise cyber awareness at your business. Use the button below.