On average, a cybersecurity attack will cost a business $200,000 which is why these attacks have put so many small businesses out of business.
If you want to stay in business, you need to do what you can to protect your business against all types of cyberattacks. This includes brute force attacks.
Keep reading to learn some password best practices you should be putting in place to keep your business safe from brute force attacks and other cybersecurity threats.
A brute force attack is one of the oldest forms of hacking that cybercriminals are still using to this day. It involves attempting to gain access to an account by guessing a password until the correct one is found.
This method has been modernized over time and now involves using powerful computers that can attempt hundreds or thousands of passwords every second to gain access to an account within minutes, hours, or days.
Fortunately for business owners, there are some password policy best practices that can be put into place which will help thwart hackers that use this method. Let’s get into some of them now so you can start implementing better security practices.
The longer your password is, the harder it will be to guess. This is because for every character, there are at least 62 options with just numbers and lower and uppercase letters. This number is even greater when special characters are included.
A password that’s 12 characters long will be more than twice as hard to guess because of how many additional combinations each additional character creates.
Even an unskilled hacker or one that doesn’t have the best computing resources can still guess your password if given enough time. For that reason, it’s important to have your employees change their passwords frequently.
Set up a frequency at which passwords need to be changed, whether it’s every year, every quarter, or every month. Then, be sure your employees are always selecting a new password rather than one they’ve used previously.
When coming up with a secure password, one of the things to keep in mind is to avoid bunching up the letters and numbers. This can make it easier to guess. Instead, intersperse the types of characters to strengthen the password.
For example, dog123 has all of the letters together and all of the numbers together. A safer password would be d1o2g3. Including a combination of lowercase and uppercase letters and adding special characters would also help strengthen this password.
Once you come up with a strong password that you can remember, it’s tempting to use that password for everything. However, that’s putting you and your business at risk for cybersecurity attacks.
Encourage employees to use a different password for each of their accounts. It’s particularly important for them to use different passwords for their work and personal accounts.
If your employees use home computers for remote work, it’s even more important for them to have secure passwords to access your software. This is because most individuals don’t protect their home computers as well as a company does.
Some hackers gather personal information about employees to make brute force attacks easier. Something as seemingly innocuous as a fun Facebook quiz can actually be a way for cybercriminals to access your personal information.
When you have personal information like your address, phone number, birthday, and even pet names on your Facebook profile, these are all things hackers can use to try to guess your passwords.
Ensure your employees aren’t using any type of personal information in their passwords. You may even take it a step further and encourage them to remove it from their Facebook profiles.
Something else to avoid is using dictionary words as part of your password. Hackers that use the brute force technique often use a dictionary to run these real words through to try to get into your account.
One way to get around this would be to make up words or use invented acronyms. For example, take a line from your favorite song and use the first letter of each word as your password.
If you’re not already doing so, you should be putting two-factor authorization in place. These require an employee to do two things to prove their identity. They can use:
By adding a second layer of authentication, it means that even if a cybercriminal was successful in guessing a password, they still might not be able to get into an account because they likely don’t have access to your employee’s smartphone.
These last two best password practices will focus on internal attacks that can come from disgruntled employees or outsiders that gain physical access to any device that can access your business data.
You need to make sure your employees are logging out of their accounts at the end of the workday or anytime they’re going to be away from their computer for a length of time.
This will prevent someone from getting into their account without needing the password. At this point, an individual could change their passwords and lock them out of their accounts.
One way many employees get around having to memorize so many complicated passwords is by writing them down on a piece of paper. However, it only takes someone a few seconds to swipe the information and get access to their accounts.
Now you know some of the password best practices you should be implementing in your company if you aren’t already doing so. As you can see, these can help keep out hackers that are using brute force attacks to get access to your data.
If you need help preventing cyberattacks or with any other IT services, contact us today. We would be more than happy to let you know exactly what we can do for your business to beef up your security and protect your company.
