Myth-busting: Cyber Criminals are not interested in my passwords

Passwords, passwords, passwords. You might have heard the guidance around having a secure password, but have you taken action to make yours more secure?

In a report by Varonis Software, it was revealed that 60% of companies have over 500 accounts with non-expiring passwords.

Earlier this week, a 21-year-old student reported that she was logged out of her Depop social shopping app account and thought nothing of it. She said: "I thought I had just forgotten my password when I couldn't get back in, but a couple of days passed, and I realised something wasn't right." Amelia then received a message from a stranger on Instagram, to alert her to the fact that her account had been taken over by a scammer advertising Apple AirPod headphones for £50.

This is a real-life example of why you need to change passwords often and to make sure the same password isn't used on multiple systems, as once it is compromised on one system the rest can follow. This example is from social media, but it could equally be your business systems.

As a business owner, it is likely that your accounts will hold personal data about your customers, your business and its finances. Choosing one single password for all your accounts could put your business at more risk of a cyber incident, where your valuable data could be stolen. The aftermath of this may put your business at legal or financial risk, and at risk of breaking the General Data Protection Regulation (GDPR). If you employ staff to help run your business, you should make sure they are not storing their passwords near their devices and that when their devices are not in use, they are locked or turned off.

Why do hackers want my passwords?

For hackers, obtaining your password is similar to a burglar stealing the front door key to your house or business premises. A password is the key to the front door of your business, and once hackers have the key, they have unpermitted access to the contents of your business.

Why do hackers want to access my emails?

If a hacker gets into your email, they could reset the passwords for your other accounts using the ‘forgot password’ feature or access information about yourself or your business. For example, do you have emails with your accountant discussing finances? Or do you have emails between clients that disclose private details?

How can I strengthen the security of my email accounts?

  • Use a strong and separate password for your email.

  • Your email password should be strong and different to all your other passwords. This will make it harder to crack or guess.

  • Using 3 random words is a good way to create a strong, unique password that you will remember.

  • You should also protect your other important accounts, such as banking or social media.

At The South East Cyber Resilience Centre, we offer a range of services for businesses to help you identify your digital vulnerabilities and weaknesses or, if you are a victim of a data breach, we can run an individual internet investigation that would identify what personal or private information is publicly available online. Find out more on our dedicated Student Services page: www.swcrc.co.uk/services.

We also offer a range of membership packages that are designed to help your business become more cyber resilient. With 43% of cyber attacks being aimed at small businesses, and with only 14% being prepared in the event of an attack, there has never been a better time to join us. Take a look at the membership packages available on our Membership page: www.swcrc.co.uk/membership.
