Did you know that a common way criminals guess passwords is through social media posting? On Facebook, it’s common to see posts encouraging comments from users such as: “My grandmother’s name was Eunice. Comment your grandmother’s name to see how different they were than today!” or “Find your birthday twin in the comments!” A friend or relative might even reply to the comment. Hackers now have your name, your grandmother’s name, your approximate location, and your date of birth. This is plenty of information when it comes to cybercrime.
Today – May 5, 2022 – is World Password Day, intended to remind everyone about the importance of cyber security and warn them of potential cyber threats they or their business might face. Make sure you’re protected by following these helpful tips when it comes to setting a password and protecting yourself online.
The average internet user has about 25 accounts to maintain. Despite this, most people only utilize an average of 6.5 different passwords to protect them, according to a study done by Microsoft. With identity theft and data breaches becoming an ever-growing problem, it’s important to not only have a different password for each account, but to make those passwords easy for you to remember and hard for cybercriminals to guess. Here are some password tips you can utilize online.
- Change your password every 90 days. This might seem like a hassle at first, but hackers have a better chance at cracking your passwords if they never change. Also, get out of the habit of reusing old passwords.
- Passwords should be at least eight characters long. Generally, the longer a password is, the harder it is to guess.
- Don’t use the same password for each account. Hackers target lower security websites and then test the cracked passwords on higher security sites. Make sure every account you use has a different password.
- Passwords should include uppercase and lowercase letters, numbers, and special characters. Special characters include symbols like “*” and “$”. Get creative!
- Don’t use easily recognizable names as passwords. All it takes for a hacker to crack passwords that include these things is a little research on social media sites. If your Twitter handle is “PorschGuy383”, they’re going to guess that your password might include references to the brand.
- Don’t use identifying numbers or information, such as bank account numbers, credit card numbers or PINs, or birthdays. Similarly, if “PorschGuy383”’s account was hacked, cybercriminals might assume his birthday is in March of 1983. Not only could hackers use these passwords to gain unauthorized access to your accounts, they could use this information to empty your bank accounts or charge thousands of dollars to your credit card.
- Passwords should be easy to remember, but hard to guess. Think of an important event that has happened in your life, and then make a sentence out of it. Then, remove the spaces, turn a word or two into shorthand of some kind, or intentionally misspell a word, and add significant numbers if they aren’t already in the sentence. For example, if you adopted two golden retrievers in 2015, you might end up with “2GoldenRetrievers15*”.
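The length, character-type, and personal-detail tips above can be checked automatically before a password is accepted. The following Python code is an added example, not part of the original post; the function names and the sample public facts are assumptions made for illustration.

```python
import re
import string

# Constructed sample: details someone could collect from social media posts.
FACTS = ["PorschGuy383", "Eunice", "1983-03-14"]

# Undo common character swaps so "P0rsch" is still recognized as "porsch".
LEET = str.maketrans("01345$@", "oieassa")


def personal_tokens(*facts):
    """Split public facts (handles, names, dates) into word and digit runs."""
    tokens = set()
    for fact in facts:
        for run in re.findall(r"[A-Z][a-z]+|[a-z]+|[A-Z]+|\d+", fact):
            if len(run) >= 3:  # shorter runs would match almost anything
                tokens.add(run.lower())
    return tokens


def check_password(password, facts=()):
    """Return the tips from the list above that the password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    classes = {
        "lowercase letter": string.ascii_lowercase,
        "uppercase letter": string.ascii_uppercase,
        "number": string.digits,
        "special character": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    raw = password.lower()
    unleeted = raw.translate(LEET)
    for token in sorted(personal_tokens(*facts)):
        # Digit runs are matched as typed; words are matched after un-swapping.
        haystack = raw if token.isdigit() else unleeted
        if token in haystack:
            problems.append(f"contains personal detail '{token}'")
    return problems


if __name__ == "__main__":
    for candidate in ("2GoldenRetrievers15*", "P0rsch383!", "eunice"):
        print(candidate, "->", check_password(candidate, FACTS) or "passes")
```
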
Phishing is a type of cyber fraud that utilizes deceptive emails or other electronic communication to manipulate the recipients into sharing sensitive information, clicking on malicious links, or opening harmful attachments. While emails are the most common delivery method of phishing attempts, cybercriminals may also use voicemails, live phone calls, text messages, fake or misleading websites, and social media messages. Here are the six most common types of phishing scams to watch out for.
- Deceptive phishing is when a cybercriminal impersonates a recognized sender to steal personal data and login credentials.
- Spear phishing is typically aimed at specific individuals or companies by using personalized information to convince victims to share their data.
- Whaling aims to trick high-profile targets, such as CEOs, CFOs, and COOs into revealing sensitive information, like payroll information or intellectual property.
- Vishing is sometimes called “voice phishing”, and occurs when a criminal calls a target’s phone to get them to share personal or financial information.
- Smishing refers to “SMS phishing”, and incorporates malicious links into SMS text messages.
- Pharming redirects a victim to a site of the cybercriminal’s choosing by installing a malicious program onto their computer.
Government agencies like the IRS will never call you about owing money, and they certainly won’t text you or reach out on Instagram. They will always send a letter in the mail through your listed address.
Mitigating Password Theft
Password protection is just as important to businesses as it is to individuals. Businesses not only have to keep their own data safe, but also have to guard the data of their customers, clients and employees. Making sure your business’s cybersecurity policies are up to date is crucial to protecting information. Most of the rules that apply to personal data, such as having hard-to-guess passwords and being wary of phishing, apply to businesses as well. Here are some additional ways you can make sure your business data is safe.
- Report suspicious emails.
Make sure to flag any suspicious emails as spam and, if applicable, report them to your IT department.
- Use anti-virus software and two-factor authentication.
Activate the software’s auto-update feature to ensure your software is always up to date and have employees use two-factor authentication with their business accounts. Be sure to install firewalls on all business computers.
- Do not give out your passwords to anyone.
If someone at your company needs access to something, there are ways of sharing without giving them access to your account. Never give out account information to people outside the organization.
- Back up your data.
Many users have either experienced the pain of losing valuable data or will at some point in the future. Back up your data to prevent this from happening.
- Limit use of public Wi-Fi.
When traveling, make sure you have a secure internet connection to conduct your business on.
- Get vulnerability assessments.
Vulnerability assessments will let you know where your business is most susceptible to data breaches. FBinsure offers FB Cyber Defense to our commercial customers.
- Keep work at work.
Make sure never to use public or personal computers when accessing business data.
- Check your security on a regular basis.
Evaluate your system security settings regularly and be sure to download all security protection updates.
- The right equipment.
Make sure employees know what to do to maintain current security with their equipment, especially if they work remotely. Educate employees on updating their virus protection software and how to create proper passwords. Be sure to designate a person to contact when problems arise.
For more risk advisory services like FB Cyber Defense, call your local FBinsure office today. To learn more about how you can stay safe online, read our blog and visit our social media pages for updates and useful tips.