Everything You Need to Know About Securing Your Passwords
Businesses, including even very small ones, are finally starting to take note of the severity of cybersecurity threats. Cybersecurity is one of the most expensive threats companies face. These threats are growing in the face of increases in remote work.
Consumers are going to have to gain the same sense of awareness.
So much of our lives are digitized. For example, we use cloud-based solutions at home for personal reasons and at work. We also use IoT devices which can become an attack vector for bad actors, and often there's minimal distinction between our work accounts and personal lives. For example, you may be using the same device and passwords for both.
This puts not only your employer at risk of a data breach, but if your employer were the target and you were reusing passwords, then your personal financial information and private data could be compromised.
You can see how there's very little differentiation between all of the data and information we keep and access on a daily basis in work and personal situations.
The best thing you can do across the board to protect yourself financially and at work is to use good password practices. It seems simple, but passwords and phishing remain the most effective strategies for cyber attackers.
With that in mind, we outline some of the things you should use for your personal financial accounts and other password-protected data, and you can also extend these to your work accounts.
How Do Hackers Get Your Passwords?
There are a lot of ways a hacker can get your password, some of which can be complex and others that are relatively simple.
A big one is unsecured Wi-Fi. When you're using public Wi-Fi at a coffee shop for example, you're essentially providing access to all of your files. Your activity, whether it's work-related, or something to do with your personal finances, can be monitored by a hacker on the same network.
If you're going to do anything personal or work-related on an open Wi-Fi network, you should use a Virtual Private Network (VPN).
Using synchronized data is another way that a hacker can get your passwords through attacks on cloud servers.
Another example is phishing. Hackers have become increasingly skilled at fooling even tech-savvy people with phishing. Once you for example click a link or open an attachment sent as part of a phishing attack, the criminal may install malware on your device or trick you into entering your credentials to a fake site.
Then if more malware is installed on your device, it can steal your passwords by installing keyloggers that record your strokes.
Once a hacker gets your passwords, they can access your personal financial data or account information. If you have work information on your device, they can steal customer and company information.
Choosing a Secure Password
The more complex your password, the better for work and personal accounts.
General password tips include:
· Use two-factor authentication whenever possible. Two-factor authentication requires you to provide more information than just a password. Many of the companies you have accounts with may use this already. If you have to opt-in, do so.
· Make your passwords as complex as you can with numbers, symbols, and a mix of uppercase and lowercase letters. The longer your password, the longer it takes to hack. If you're worried you won't be able to remember your password, never email it to yourself or write it down. Instead, think about using a password manager.
· Change your passwords often. Yes, it's a pain, but the alternative can be much worse than a few minutes of inconvenience.
· Use different passwords on different accounts, and try to make your work and personal passwords very different from one another. You can use a password generator to create strong, unique passwords.
· If you're using public Wi-Fi for any reason, don't visit websites that require you to log into an account. For example, never log into your bank account or shop while you're on public Wi-Fi.
Steps to Avoid Phishing Attacks
Take personal and work protections against phishing.
Be cautious before you open any email, and always be very suspicious when an email is asking you take any action quickly or attempt to take advantage of your emotions.
Make sure you verify that you know a sender before you click any links or attachments. If you aren't sure, verify with the person who supposedly sends you the email.
Using antivirus and endpoint protection software is helpful too.
Your employer may provide you with endpoint protection if you use your own device for work, and you should make sure you keep it patched and updated.
Choosing a Password Manager
Again one of the simplest ways to protect yourself but do so easily is to use a password manager.
A password manager securely stores all of your passwords so you can maintain unique ones. The pros of a password manager include the fact that, of course, the password is remembered for you.
There are some downsides that you do have to think about. For example, there is still a level of vulnerability, and you could end up forgetting your master password. You might also find the setup and use of a password manager tedious, but it offers a better alternative than not having one and using the same simple passwords time and time again because they're easier to remember.
What to Do If a Password Is Compromised
Finally, even with the best cybersecurity practices a password could be stolen. The first thing to do is change it right away. Hopefully, you have different passwords for all of your accounts so you just have to change the one.
You'll also need to monitor your financial accounts and make sure there's no activity. If you used the same password for work accounts, you should let the IT team know what happened to decide what they need to do on their end.