How Easy Is It for Someone to Nab Your Password?

how easy is it for someone to nab your password
data-security-hacker-password-security-breach-mobile-patch-theft

Network World recently came out with a list of people sent to jail in 2013 for computer crimes, whether it was stealing passwords or hacking into a system to obtain and then sell sensitive information.

Sometimes, the hackers involved demonstrated technical expertise.  Other times, the cyber-criminals didn’t have to make use of any sophisticated IT knowledge in order to access people’s private accounts and networks. 

One example is a man who was able to illegally access the private emails of celebrities simply by asking for the password to be reset and then answering security questions using publicly available knowledge about these famous people.

As the owner of a small or medium-sized business, you may already have some security measures in place, such as Firewalls and anti-virus programs, to reduce the chances of someone breaching your cyber-defenses and gaining access to your network and various private accounts. 

But don’t overlook the rather simple ways hackers can succeed in stealing your password.

Consider the following issues:

  • Is your password really simple? Sometimes a hacker would be able to figure out your password just by knowing certain things about you, particularly if you use common words or facts about yourself (e.g. the password is your last name, birthday, etc.).  Among hundreds of thousands of passwords stolenfrom social media accounts at the end of last year, an alarming number were ‘123456’ or words like ‘admin.’  Make sure your passwords are long and complex enough.
  • What kinds of password recovery options do you have in place? Do your security questions have obvious answers that people could look up through a simple Internet search? To give an example of one precaution, some people use deliberately false information as the answers to their security questions.
  • In your business, who has access to certain passwords? Don’t discount the possibility of irresponsible or malicious actions undertaken by an employee (or ex-employee).

Given that your passwords are the keys to your network and to your sensitive information, you’ll need to come up with a comprehensive strategy for protecting them, not only from theft by malware or from phishing.  

Contact us to discuss your security vulnerabilities and come up with ways to better safeguard your passwords.

3 Ways that Hackers Steal Data from Small and Medium Businesses

3 ways that hackers steal data from small and medium businesses

It used to be that hackers stole the data on your computer network by sending malware to your system. But you and other owners of small and medium businesses got wise to these methods by installing a firewall and security software. These digital measures went a long way in reducing nefarious attempts at theft.

But hackers got wise. They now steal data by tricking you into physically revealing important information. The following are just three of the methods they like to use.

Phishing

Phishing gets you to reveal your confidential data such as passwords, credit card numbers, or Social Security number by faking an entirely legitimate website.

You may think you’re signing into your financial institution, retirement account, or government department. In actuality, hackers are showing you counterfeit pages so you can give them your private data. The quickest way to uncover such chicanery is to look at the text listed in the address bar of the site, also known as a URL. If it bears no resemblance to the title of the site or its agency, then your on a fake page.

For example, “.gov” is the ending of any U.S. government website. If the address shows “SocialSecurity.COM,” then the page is not affiliated with the government at all.

Fake Emails

Few people are going to accidentally stumble onto a phishing site, especially if they manually type in the correct address. Hackers bring you to their web pages by giving you a link, which they reveal in a fake email. You receive a message, purporting to be from a legitimate company, asking you to sign into the site to confirm information.

To be helpful, the email contains a link, which you click to reach the phishing site. To guard against this, never click on an email link. Instead, manually browse the site in question by typing its URL in the address bar. You can then independently confirm if the company is wanting your information.

Fake Dialog Boxes

You probably have dozens, if not hundreds, of programs and widgets on your system to help you run your business. So if you receive a dialog box asking you to update existing software, you simply click the OK button.

You think you’re automatically setting up the latest version of a program. Instead, you may either be taken to a phishing site or release malware onto your system. Use the same response as with fake emails. Ignore the link and manually browse the update site to confirm that it’s real.

Guarding against data theft is something you must do constantly. The hackers only have to succeed once to damage your business. For more ways to protect your network, please contact us.