As a small business, one of the last things you’ll be worrying about is cyber security. Cashflow, stock levels, bills; all far more important than securing your IT systems and protecting your data…right?
The thing is that cyber security doesn’t need to be difficult. You don’t need to spend thousands of pounds on security audits and penetration testing; there are five simple things you can do today to secure your business.
Each day this week we’ll be focusing on a specific element of cyber security that you can implement in your business. For today, it’s strong passwords.
Number 1: Strong passwords
“Use a strong password” are words we see a lot. But what is a strong password? Sure, a hundred random letters and numbers is going to be strong but what’s the point if you can’t remember it?
According to traditional advice a strong password:
- contains at least 12 characters
- includes upper- and lower-case letters, numbers, and symbols
- isn’t a word from the dictionary
- doesn’t rely on substituting numbers for letters.
Based on the advice above it’s pretty easy to come up with a password. Just mash your fingers on to your keyboard and you can come up with a strong password like GM/57`H}=MQHgFq2. But can you remember that? We’ve done a straw poll in the office and no-one could remember beyond the first couple of characters after five minutes.
But for computers, random strings of letters and numbers are easy to guess; there are very few bits of entropy. Increasing the bits of entropy exponentially increases the length of time it takes a hacker’s computer to guess your password.
XKCD’s comic explains this better than we ever could.
The most important thing to remember here is that the words need to be random. Using “what time is it” would be a lot easier for a hacker to work out, because it makes sense together. “blue word sky up” would be a lot harder, and is still a lot easier to remember.
Since 2014 though, six words have been the recommended number for a secure password; and the more words you use the better your password will be.
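The arithmetic behind the random-word advice above, as an added example that is not part of the original article: it picks words with a cryptographic random source and shows how each extra word multiplies the guessing work. The 32-word list is a constructed sample, and the 7776-word list size and the guess rate are assumptions chosen for illustration.

```python
import math
import secrets

# Constructed 32-word sample list so the example runs offline. It is far too
# small for real use; the figures printed below assume a 7776-word list.
SAMPLE_WORDS = (
    "blue word sky up lamp river stone maple cactus violin anchor pepper "
    "tunnel harbor pickle saddle orbit walnut ribbon ladder mango gravel "
    "copper thistle beacon quilt marble falcon butter canyon meadow zipper"
).split()

ASSUMED_LIST_SIZE = 7776            # assumption: a dice-based list (6**5 words)
ASSUMED_GUESSES_PER_SECOND = 1e12   # assumption: attacker's guess rate
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def make_passphrase(n_words, words=SAMPLE_WORDS):
    """Pick each word independently and uniformly using the OS CSPRNG.

    A phrase a person invents ("what time is it") is not picked this way,
    so the entropy formula below does not apply to it.
    """
    return " ".join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(n_words, list_size):
    """Bits of entropy for n_words uniform, independent picks from the list."""
    return n_words * math.log2(list_size)


def years_to_try_all(n_words, list_size, rate=ASSUMED_GUESSES_PER_SECOND):
    """Years needed to try every possible passphrase at the given rate."""
    return list_size ** n_words / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    print("sample passphrase:", make_passphrase(6))
    for n in (4, 5, 6):
        bits = entropy_bits(n, ASSUMED_LIST_SIZE)
        years = years_to_try_all(n, ASSUMED_LIST_SIZE)
        print(f"{n} words: {bits:.1f} bits, {years:.3g} years to try all")
```

Each added word multiplies the search space by the size of the word list, which is why going from four words to six makes such a large difference.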
Just remember—it’s not all about password strength. For example, if you re-use the password at multiple locations, it may be leaked and people may use that leaked password to access your other accounts.
This is the first part in our Five simple things to secure your business series.