Time For A Password Refresh

Password Refresh

We often tend to be creatures of habit, particularly when it comes to technology and passwords are a prime example. Many people use the same password for multiple websites and applications because we don’t have a photographic memory. Most users though aren’t aware that this is one of the most significant security dangers they can face online and one with an easy fix. Continue reading

Do You Have a Bad Case of Password Exhaustion?

Passwords

You’re not alone! Most people use the same password everywhere – home, work, Twitter, Facebook, email and even for banking. Considering how many passwords we use everyday and are expected to remember them, password exhaustion is a real thing. It is no wonder that when yet another prompt for a password appears, users enter very easily guessed combinations like ‘abcd’ or ‘password’.

Trouble is, even if your password conforms to strict password rules, hackers are taking regular strolls around the internet and collecting logins and passwords, from either leaked details or sites with security flaws.

Then, they will try their luck with that login/password combination on other sites. They know more than half the users only have only one password and email combination, so the chance of gaining access into another one of your accounts is quite high.

As the same password is used elsewhere, one site breach follows another and another until hackers have nothing more to gain. The only way to break this chain reaction is to use a different password for each site.

How to Create Easily Remembered Passwords

Have a system or template for creating your own unique passwords, that you’ll be able to remember, but is not obvious to hackers. For example:

<character><word><something about the site><numbers><character>

Becomes:

 !K1ttyFB75!

At first it might seem complicated, but the above is really just based around the words ‘kitty’ (with an upper case K and a number 1 for the i) and ‘FB’ for Facebook. For other sites change the FB to something else.

What to Do If Your Password Has Been Hacked

You can check to see if any of your accounts have been compromised by entering your email into a site like:

www.haveibeenpwned.com

If it alerts a breach, you will need to change your passwords immediately – all of them. Use the example system above to create a new set. If you’re struggling to remember your set of passwords, consider using a secure password tracker such as LastPass. (http://www.lastpass.com) or Keepass (https://keepass.info)

If you assistance changing your passwords or setting up a secure password system, let us know on (08) 8326 4364 and we will be more than happy to help you out.

3 Essential Steps Before You Fire an Employee

Before you fire an employeeYour employees need access to your IT resources and accounts so that they can do their job, but what happens to that access and those passwords when you fire them? Nobody likes to think of firing their employees, or why you’d need to, but nonetheless, it is a responsibility of every business owner and they will face it at some point in time. While your book keeper or accounts team will stop their paychecks it is important to take the same proactive stance to stop their system access.

Most of the time, former employees leaves under good terms and you’ll wish them well. If you are lucky they may even manage the hand-over to their replacement (so your productivity losses are minimal). Other employees may leave your business reluctantly and / or angrily. While you will have very different feelings about the two scenarios, the risk to your business remains high until action is taken. Here are 3 steps you can take to protect your business from an angry ex employee:

Step 1: Limit access to a need-to-know basis

You might be surprised how often a new employee is presented with access to every ones account and has access to all the company data. Accounts, staff & customer details, strategy, marketing etc etc…all those sensitive parts of your business that have made it a success are exposed. A better policy is to limit access to only what the employee needs for their job. Rather than view it as a lack of trust, your employees will appreciate the care you’ve taken to protect your business (and their job). It also helps keeps them from becoming overwhelmed, confused or tempted if the situation ever turns sour. Likewise, take a few moments to delete old or temporary accounts that are no longer required – you never know when a hacker or disgruntled employee will squeeze through those gaps.

Step 2: Quickly change passwords

On average, it will take at least a week before passwords are changed after an employee is fired – if at all! Unfortunately, this type of delay is one your business can’t afford. In 2017, an ex-employee from the American College of Education held their entire email system to ransom for $200,000 after an unhappy exit. Stories of others stealing client databases are also common – especially if they leave to start their own business or work for a competitor. It is not just full-time employees either, contract and part-time employees such as social media managers and customer support email specialists often have access to more of your business than you might imagine. Yes you may be able to get the person involved prosecuted but it only takes seconds to login and wreak absolute havoc on your network. Knowing you can force those bad eggs into a lengthy court case is poor comfort considering the extent of damage you’ll likely endure. The best option is to change their access credentials fast – even before your employee knows they are fired. This lessens the chance of revenge attacks and opportunistic access.

Use a password manager

If you have good password manager like KeePass or LastPass, reducing your risk becomes mostly automated. You will be able to keep your passwords in a central vault and only share passwords to those who need that access – plus you can section off the passwords to different sections or job roles. If an employee leaves or moves to a new internal position you can change or revoke access.

We can help you secure your network and use a password management tool. Contact us at

su*****@dp*********.au











or 08 8326 4364.