The invention of web-based corporate tools and services have alleviated a plethora of communication and organizational needs faced by businesses. With this mass adoption, however, comes a potential danger that proprietary information might be accessed by unauthorized users.
Hackers are utilizing developed techniques, typically brute-force attacks, that allow them to search for passwords based on trends and frequent user habits.
What is a brute-force attack?
Brute-force attacks are those where hackers try as many passwords or key phrases as possible in the hopes of gaining access to secure accounts. Many hackers will use programs that can perform these searches swiftly, using dictionary content to scan frequently used words and combinations.
To counteract this danger, it is crucial for your business to understand what adequate password complexity entails, and the common pitfalls that allow hackers to breach corporate systems.
First, imagine a likely scenario in which your company has successfully implemented a file-sharing software that allows for the quick and easy transmission of documents and contracts to and from clients. However, several users were a bit careless with their information, keeping information posted on publicly accessible sticky notes and using simple passwords such as '123456'.
With ease, a single hacker was able to crack their account and infiltrate the entire corporate system. Suddenly, all of the time and money invested into the software implementation is mitigated.
How have password hacks impacted businesses?
The danger of brute-force attacks isn't just local, and more often then not these attacks occur on a large scale basis that can affect millions. In February 2016, Alibaba, a Chinese e-commerce website, was the victim of a brute-force attack that left 21 million accounts vulnerable.
When you consider the large-scale effect of such an attack in contrast to the simple solutions that are available, it should be clear that password complexity is essential for any company or individual that utilizes web accounts and services.
So what makes a password complex? Listed below are some tips:
- Use a combination of numbers, uppercase, lowercase, and special characters.
- Avoid including words that can be found in the dictionary.
- Avoid including the answers to security questions, or any personal information that can be found publicly.
- Make your password 12 characters minimum.
- Don't rely on obvious character substitutions, such as a 0 instead of an "O".
These tips can easily be used to inform colleagues, employees, or family members on the use of web services with security in mind.
In addition to utilizing these tips for creating individual passwords, consider using a separate password for each account that you use. Hackers that gain access to one account will typically test that same password on a multitude of platforms.
Now that you understand how to create effective passwords, make sure that your tools and services support a thorough and flexible password management structure. With many users viewing crucial documents within file-sharing services, it's important that administrators are allowed to set required password rules and regulations. These might include character minimums, mixed case rules, and a requirement for resetting a password after a designated expiration date.
What Else Can Be Done?
Maximizing security components should not be left entirely in the hands of your employees. When researching a new system for your business, consider the following essential features:
The core definition of two-factor authentication is a security measure that requires not just a password, but some other means of identification for a user. This may mean linking your account to an email or cell phone number for user verification, or it could mean key card swipes for physical security measures. These various extra steps will help ensure that your valuable information is kept secure.
SecureDocs utilizes the end-to-end encryption of data. This is perhaps one of the most effective ways to achieve data security. Our data encryption translates your data so that only users with a secret key, or decryption key, can access it. This means that your information is with our service, with measures in place to ensure that even if a server is compromised, your information is in safe hands.
Whether you're a company administrator, employee, or just a frequent internet user, apply these tips and look for these key features to help your data and personal information stay in the view of intended eyes only.