Everything You Need to Know About Securing Your Passwords
Businesses, including even very small ones, are finally starting to take note of the severity of cybersecurity threats. Cybersecurity incidents are among the most expensive threats companies face, and these threats are growing with the increase in remote work.
Consumers are going to have to gain the same sense of awareness.
So much of our lives is digitized. For example, we use cloud-based solutions at home for personal reasons and at work. We also use IoT devices, which can become an attack vector for bad actors, and often there's minimal distinction between our work accounts and personal lives. For example, you may be using the same device and passwords for both.
This not only puts your employer at risk of a data breach; if your employer were the target and you were reusing passwords, your personal financial information and private data could be compromised as well.
You can see how there's very little differentiation between all of the data and information we keep and access on a daily basis in work and personal situations.
The best thing you can do across the board to protect yourself financially and at work is to use good password practices. It seems simple, but passwords and phishing remain the most effective strategies for cyber attackers.
With that in mind, we outline some of the practices you should use for your personal financial accounts and other password-protected data. You can also extend these to your work accounts.
How Do Hackers Get Your Passwords?
There are a lot of ways a hacker can get your password, some of which can be complex and others that are relatively simple.
A big one is unsecured Wi-Fi. When you're using public Wi-Fi at a coffee shop, for example, you're essentially providing access to all of your files. Your activity, whether it's work-related or something to do with your personal finances, can be monitored by a hacker on the same network.
If you're going to do anything personal or work-related on an open Wi-Fi network, you should use a Virtual Private Network (VPN).
Synchronized data is another route: a hacker can get your passwords through attacks on cloud servers.
Another example is phishing. Hackers have become increasingly skilled at fooling even tech-savvy people with phishing. Once you click a link or open an attachment sent as part of a phishing attack, for example, the criminal may install malware on your device or trick you into entering your credentials on a fake site.
If more malware is then installed on your device, it can steal your passwords by installing keyloggers that record your keystrokes.
Once a hacker gets your passwords, they can access your personal financial data or account information. If you have work information on your device, they can steal customer and company information.
Choosing a Secure Password
The more complex your password, the better, for both work and personal accounts.
General password tips include:
· Use two-factor authentication whenever possible. Two-factor authentication requires you to provide more information than just a password. Many of the companies you have accounts with may use this already. If you have to opt in, do so.
· Make your passwords as complex as you can with numbers, symbols, and a mix of uppercase and lowercase letters. The longer your password, the longer it takes to hack. If you're worried you won't be able to remember your password, never email it to yourself or write it down. Instead, think about using a password manager.
· Change your passwords often. Yes, it's a pain, but the alternative can be much worse than a few minutes of inconvenience.
· Use different passwords on different accounts, and try to make your work and personal passwords very different from one another. You can use a password generator to create strong, unique passwords.
· If you're using public Wi-Fi for any reason, don't visit websites that require you to log into an account. For example, never log into your bank account or shop while you're on public Wi-Fi.
Steps to Avoid Phishing Attacks
Take precautions against phishing in both your personal and work life.
Be cautious before you open any email, and always be very suspicious when an email asks you to take any action quickly or attempts to take advantage of your emotions.
Make sure you verify that you know a sender before you click any links or open any attachments. If you aren't sure, verify with the person who supposedly sent you the email.
Using antivirus and endpoint protection software is helpful too.
Your employer may provide you with endpoint protection if you use your own device for work, and you should make sure you keep it patched and updated.
Choosing a Password Manager
Again, one of the simplest ways to protect yourself is to use a password manager.
A password manager securely stores all of your passwords so you can maintain unique ones. The pros of a password manager include the fact that, of course, the password is remembered for you.
Your passwords can be unique and complex, and they're encrypted.
There are some downsides that you do have to think about. For example, there is still a level of vulnerability, and you could end up forgetting your master password. You might also find the setup and use of a password manager tedious, but it is a better alternative than not having one and using the same simple passwords time and time again because they're easier to remember.
What to Do If a Password Is Compromised
Finally, even with the best cybersecurity practices, a password could be stolen. The first thing to do is change it right away. Hopefully, you have different passwords for all of your accounts, so you just have to change the one.
You'll also need to monitor your financial accounts and make sure there's no unexpected activity. If you used the same password for work accounts, you should let the IT team know what happened so they can decide what they need to do on their end.