EVERNET shares best practices for world password day on May 2.
Today people have an overabundance of online accounts for everything from home security to food delivery. In an effort to keep all of this account info straight, many users practice poor password protocol, according to IT tech expert Eric Buhrendorf. The CEO of EVERNET, a computer consulting and service firm in Connecticut, is urging everyone to observe World Password Day on May 2 to protect against hackers who are literally testing every word in the dictionary against your password.
“Using the same password for every account would seem to simplify things, but it can actually cause more headaches,” cautioned Buhrendorf. “Hackers are taking the usernames, emails, and passwords from the hack of one company and automatically testing the same credentials at many other companies, as was the case with the latest reported Turbo Tax account hack. Turbo Tax itself wasn’t hacked… it was the poor password habits of their user.”
The 2019 State of Password and Authentication Security Behaviors Report, conducted by Ponemon Institute, found that despite an increased understanding of best practices, users are not taking precautions.
Passwords continue to trip up users and compromise security. The report noted 69 percent of respondents give coworkers passwords to access accounts, while 51 percent reuse an average of five passwords for both personal and business accounts.
Buhrendorf offered these five best practices for businesses and individuals:
1. Have unique passwords for every user and every account. Co-workers and family members using the same passwords leads to nightmare situations. To ensure that the length and complexity is appropriate, use a password generator like the free one from LastPass www.lastpass.com/password-generator.
2. Enforce a policy to change all passwords in a reasonable frequency – be it weekly, quarterly, twice-yearly, etc. But how do you remember all those passwords? Use a password management process. LastPass also provides a tool called a Password Manager that can be installed on all devices.
3. Use layers of authentication for additional protection. Take advantage of such effective safety measures as inputting a PIN emailed or texted to you, and responding to questions with preset answers.
4. Strong passwords make it significantly more difficult for hackers to break into systems. They should have more than eight characters comprised of uppercase and lowercase letters, numbers and symbols. Spread out the numbers and special characters rather than bunching them together, and avoid the obvious such as a birth date or a child’s name.
5. Beware of phishing emails and phone calls looking for passwords. Trust no one – not even contacts you deem safe. Your IT department, boss, friend, bank or government agency should ever ask for your password. Employers can provide training and set protocol to immediately report if a device has been compromised so the damage might be contained.
Buhrendorf also warns to avoid any prompt from an outside source to do anything – such as provide a password or click on a link, as it is a red flag signaling a hacking. A good antivirus program can help prevent damage if the hacker is successful.
“No matter how strong your passwords are and how meticulous about safety you are, hackers can find ways to monitor your keystrokes. Make it as difficult as possible for them with up-to-date virus scanners and regular updates,” Buhrendorf said.
Buhrendorf shared an example of what can happen if virus protection is not updated. During a routine maintenance years ago, EVERNET recommended that a small business client replace its antivirus with the newer product. The owner declined to follow EVERNET’s recommendation and four months later – on Thanksgiving Day – the entire company was the victim of a cryptolocker attack. The entire business was shut down.
“We responded immediately and by the following week the business was back to operational,” said Buhrendorf. “With every client, if we see something, we say something. We always make recommendations that meet our standards and those of the industry if we see something deficient.”
EVERNET customers can call or email the EVERNET Help Desk with any questions or concerns about the legitimacy of a possible phishing attempt or any security related issue. If there’s been a breach, speed is of the essence to stop the bleeding of data and secure the network.
“Identity theft is one of the world’s fastest-growing crimes. Practicing active password management can help protect business data, personal emails, bank accounts and social media platforms,” Buhrendorf said.
Since 2007, EVERNET has provided trusted computer support for Connecticut businesses of all sizes. Its wide range of tailored IT solutions includes managed services, network administration, help desk support, training, onsite computer installation and repair, data backup and recovery, remote IT services and more. For information or to schedule a free consultation visitwww.evernetco.com or call 860-656-7810.