Businesses should make secure passwords a priority
NEW YORK — It may seem obvious: Companies’ computers, mobile devices and accounts need secure passwords. But many small business owners don’t take the time to educate staffers about these very basic forms of cybersecurity. And staffers may not know that their passwords could be easily guessed by hackers and cyberthieves.
Whenever there’s news of a data breach at a big company, or people hear of a friend’s email being hacked, many computer users realize they need to change their passwords. It’s a good start, but not enough. A study by researchers at Virginia Tech’s Department of Computer Science found that it’s fairly easy to guess how people modify their passwords after a breach. The researchers used a computer program that was able about half the time to figure out what a new password was based on an existing one. A cyberthief could also use such a program. So, owners who want to increase their cybersecurity need to not only ask employees to change their passwords, but to also come up with entirely new ones — changing a password like “aardvark123” to “aardvark124” isn’t secure.
But new passwords can also be problematic. Companies that make password protection software periodically release lists of the most common passwords and they include “123456” and “qwerty,” the letters in the top left-hand corner of a keyboard.
The IRS advises computer users to get creative and do a little free associating. For example, think of a series of items like those in your living room and create a password out of them. The IRS came up with Blue Couch Flower Bamboo. The Department of Homeland Security has a list of tips for creating passwords that can be given to employees — owners can download it from the agency’s website at https://bit.ly/2dhCdH7 .
Cybersecurity experts advise against using the same password — or guessable variations of one password — for multiple accounts and devices. Employees may balk at having to remember different passwords, but keeping track of them can be simplified with password management software. It’s a bad idea for staffers to keep printed lists of their passwords in their desks.
Owners who want to step up their security should consider multifactor authentication.