What do these numbers have in common?
The answer? They are all terribly weak passwords that people use all the time. More than 2 million people share the password 123456, for example, according to Nord Security, a developer of cybersecurity products. See their 2020 list of the 200 most common passwords here. All these passwords take only seconds for bad actors to figure out.
Using “password,” “qwerty” (the first six letters on the top row of a computer keyboard), a business address, a home address or a date of birth are just as bad. But how big is the risk? Are small businesses really likely to be targeted by cyberthieves?
Strengthen Your Passwords
The “good” news, according to Verizon’s 2020 Data Breach Investigations Report, is that “only” 28% of breaches targeted small businesses last year, which is much less than in previous years. So, if you are a small business owner, there is “only” a 1 in 4 chance that someone will try to steal your customers’ credentials, their personal information or their payment card information. Yikes.
Strong passwords are one easy-to-implement defense against such attacks. According to the Small Business Association, strong passwords or pass phrases share the following characteristics:
• 10 or more characters
• A combination of uppercase and lowercase letters
• At least one number and one special character
Consider using a passphrase (a series of words) in place of a password, and exchanging numbers, letters and characters to make it harder for someone to crack yet still easy for you to remember. For example, a passphrase could be I last ate a steak, but it could be typed as iLast8@Ste*k.
Protect Your Passwords
Of course, even the strongest password or passphrase is useless if it is written on a sticky note and is stuck to a computer screen, left near a laptop or taped to a point-of-sale terminal. Using a password manager—a software application that safely stores and manages your online credentials—could be helpful.
Allow only authorized personnel to use business equipment. Make sure they set and protect complex passwords as well.
Consider Using Multi-Factor Authentication
If you have tried to access your bank account lately from a device your financial institution doesn’t recognize, you likely received an email, text or call asking you to confirm your identify first. You might be asked to answer a security question or asked to submit a special code within a few minutes of receiving the message. That additional security process is known as two-factor or multi-factor authentication, and it’s one more way to protect your small business, especially if some of your employees work remotely.
Consider implementing this technology to protect especially sensitive data on your network. Many insurance companies are now making this a mandatory protection in order to receive a cyber liability insurance quote or to keep existing cyber insurance coverage. Learn more about multi-factor authentication here.
Download the Federal Trade Commission’s Cybersecurity for Small Business factsheets for more tips and ideas about protecting your business from cybercriminals. If you have questions about cyber risk and your businessowners insurance policy, contact your Hylant service team member. Don’t have one yet? Contact us here.
The above information does not constitute advice. Always contact your insurance broker or trusted adviser for insurance-related questions.