Small business owners and small organization managers usually feel a drop in their gut when they see headlines like the ones below. That is, unless they have taken the right steps in small business breach prevention:
- Yahoo will likely announce later this week that it suffered a breach in 2014. The breach exposed account information for upwards of 500 million users.
- The White House may have experienced a breach of its own. The hacker DCLeaks purports to have staffer emails along with the First Lady’s passport information.
Yahoo is a huge online company with lots of staff to protect its IT. There’s no question that the White House has qualified people on its staff to manage security. However, most small businesses don’t have the budget and personnel that their larger counterparts in the private and public sectors have.
The hacker allegedly responsible for the Yahoo breach may have also been responsible for a recent breach at LinkedIn. If you were an affected LinkedIn user, you may recall receiving an email that your password had been reset by the company. Expect the same if you have a Yahoo account.
Look at your organization’s local password policy. Too many firms disable the strict password requirements on their local networks in the name of convenience.
Step 1 in small business breach prevention is enacting strict password policies.
Step 2 is instructing users not to write their passwords down and leave them on their keyboard or computer screen.
The added inconvenience of passwords improves protection. Passwords should be at least 8 characters long and include at least 3 different types of characters. In addition, forced password changes every 90 days help to reduce password vulnerability.
The hacker responsible for the Yahoo and LinkedIn breaches will try to sell the password information at some point. Accounts that use the same password forever still have value to the hacker.
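One way the policy above could be checked in code, added here as an example and not taken from the original article: it applies the 8-character, 3-character-type and 90-day rules, and also rejects a new password that matches an earlier one so that a forced change is a real change. The four character classes, the PBKDF2 history format and all sample data are assumptions constructed for the example.

```python
import hashlib
import hmac
from datetime import date, timedelta

# Thresholds taken from the article.
MIN_LENGTH, MIN_CHAR_TYPES, MAX_AGE = 8, 3, timedelta(days=90)

def char_types(pw):
    # Assumption: four classes (lower, upper, digit, symbol); the article only says "types".
    return sum([any(c.islower() for c in pw), any(c.isupper() for c in pw),
                any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)])

def hash_password(pw, salt):
    # Assumption: history is stored as salted PBKDF2-SHA256, never as plaintext.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

def change_problems(new_pw, history):
    """Check a proposed password; history is a list of (salt, hash) pairs."""
    problems = []
    if len(new_pw) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if char_types(new_pw) < MIN_CHAR_TYPES:
        problems.append("fewer than 3 character types")
    if any(hmac.compare_digest(hash_password(new_pw, s), h) for s, h in history):
        problems.append("reuses an earlier password")
    return problems

def overdue_accounts(last_changed, today):
    """Return users whose password is older than 90 days, oldest first."""
    stale = {u: today - d for u, d in last_changed.items() if today - d > MAX_AGE}
    return sorted(stale, key=stale.get, reverse=True)

# Constructed sample data (not real accounts or passwords).
SALT = b"constructed-salt"
HISTORY = [(SALT, hash_password("Spring2016!", SALT))]
LAST_CHANGED = {"alice": date(2016, 9, 1), "bob": date(2016, 3, 15),
                "carol": date(2016, 6, 20)}

if __name__ == "__main__":
    for candidate in ("summer", "Spring2016!", "Autumn-Leaves-42"):
        print(candidate, change_problems(candidate, HISTORY) or "ok")
    print("overdue:", overdue_accounts(LAST_CHANGED, date(2016, 9, 26)))
```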
Why does it matter if someone else can access an online account? After all, it’s not my work account. Studies show that 55% to 75% of users have the same password for more than one of their accounts. When the hacker has a “universal” password, they have the opportunity to access other types of information potentially including your local network.
If you don’t do anything else to improve your IT security today, change your password. Then, require your team to change their passwords as well.
If you’re ready to do more to strengthen your IT security, call your Responsive consultant at 630-554-0700.