Staying safe online these days is more important, and harder, than ever. So much of our business and finances rely on the internet, and the methods of stealing data are becoming more and more sophisticated. Here are our top tips you can use now to improve your online safety:
Change your company domain password regularly:
Changing your company domain password regularly is vital. You could have the most complex password ever, but that doesn’t mean much if a hacker already knows it. Data breaches occur all too frequently, and these breaches can result in usernames, emails, and passwords becoming known to hackers, which they can use to compromise any accounts you may have that use those same (or similar) login details.
By changing your company domain password regularly, you greatly reduce the chance that a password exposed in a breach can still be used. We find 90 days (3 months) is a good balance between security and convenience. As always, we recommend making sure your password is unique, over 8 characters long, and contains a mix of upper case and lower case letters, numbers, and symbols. The more complex and random it is, the harder it is for an attacker or a computer to guess or crack – we wrote a blog post on writing the perfect password here.
Don’t repeat your password on multiple sites:
If one website is breached and your password is stolen, will the cybercriminals suddenly have access to all your accounts? As we’ve written about before, no matter how secure your password is, if you use the same one for a bunch of different sites your security can be compromised by any of them being breached, and the consequences will be much more severe.
Create a secure password and find a way to make it unique for each site; that way your passwords are much more secure.
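The checks from the two sections above (the 90-day rotation, the length and character mix, and no repeated or similar passwords across sites) can be run over a list of your own credentials. This is an added example, not code from the original post; the function names and the sample records are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import date

MAX_AGE_DAYS = 90   # rotation interval recommended above
MIN_LENGTH = 9      # "over 8 characters long"

def meets_policy(pw):
    """Length plus upper case, lower case, number and symbol."""
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return len(pw) >= MIN_LENGTH and all(re.search(c, pw) for c in classes)

def stem(pw):
    """Lower-case and drop trailing digits/symbols: 'Summer2023!' -> 'summer'."""
    return re.sub(r"[^a-z]+$", "", pw.lower())

def audit(entries, today):
    """Return {site: [findings]} for (site, password, last_changed) records."""
    by_pw, by_stem = defaultdict(list), defaultdict(list)
    for site, pw, _ in entries:
        by_pw[pw].append(site)
        by_stem[stem(pw)].append(site)
    report = {}
    for site, pw, changed in entries:
        findings = []
        if not meets_policy(pw):
            findings.append("weak")
        if len(by_pw[pw]) > 1:
            findings.append("reused")      # identical password on another site
        elif stem(pw) and len(by_stem[stem(pw)]) > 1:
            findings.append("similar")     # same base word, different suffix
        if (today - changed).days > MAX_AGE_DAYS:
            findings.append("stale")       # older than the rotation interval
        if findings:
            report[site] = findings
    return report

# Constructed sample records (not real credentials).
SAMPLE = [
    ("mail.example",  "Summer2023!",  date(2024, 1, 10)),
    ("shop.example",  "summer2024",   date(2024, 5, 1)),
    ("bank.example",  "k7#Vq!pZ2wLm", date(2024, 5, 20)),
    ("forum.example", "Tr0ub4dor&3x", date(2024, 4, 2)),
    ("wiki.example",  "Tr0ub4dor&3x", date(2024, 4, 2)),
]

if __name__ == "__main__":
    for site, findings in audit(SAMPLE, date(2024, 6, 1)).items():
        print(site, ", ".join(findings))
```

Note that "Summer2023!" passes the character-mix rule yet is still flagged, because it differs from another site's password only by its suffix.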
Use a password manager:
I know what you’re thinking, “how am I going to remember 100 different passwords?” Password managers like LastPass remember them for you. You can store all your passwords, then use them as and when you need them from a handy browser extension. You can also make use of your phone to authenticate any login requests, for added security.
Use Multi-Factor Authentication where possible:
Multi-factor authentication is incredibly effective in preventing accounts from being compromised. The concept involves using multiple forms of identification to log into an account. By forms, we mean:
1) Something you know: a password, PIN code, etc.
2) Something you have: a phone or key fob
3) Something you are: a fingerprint
Requiring multiple forms of identification means that if an attacker does acquire your password, they still cannot access your account because they do not have your phone to approve the login, for example.
Always log out when you’ve finished on a site:
It’s easy to forget to log out of sensitive websites when we’re finished, but it’s important to keep it in mind to help ensure your security. Say an attacker gains remote access to your computer: what can this attacker quickly manipulate? Fortunately, banking websites are mostly wise to this threat and automatically time out your access if you’ve been idle for a short while, but many other websites hold a great deal of your sensitive information, and almost never log you out!
What data could an attacker get from your social media messages? Your email? Even worse, if you’re logged in to any shopping websites they could direct orders to themselves, or steal payment info for social engineering, as we detailed here.
Delete your cookies and saved passwords:
Does your browser have your passwords saved, so you can log in quickly? Browsers implemented that feature because it saves time, but typically those passwords aren’t stored securely enough, and if your computer is compromised all those passwords can be sent right back to the attacker! Worse, cookies can be used to gain access to your accounts even without the password – as happened to Yahoo when they had a major breach in 2016.
Keep your cookies nice and clean to help improve your security and get a secure password management tool rather than relying on the insecure one bundled with your browser!
Good basic security advice. Interestingly it seems Microsoft are pushing away from passwords and favouring 2nd/3rd factor authentication – e.g. the authenticator app. Will passwords ultimately die?
Interesting point Dave! We’re also pushing for 3rd-factor authentication as opposed to passwords so it is a big possibility that passwords in the future will die out.