Canadian Underwriter

What workers need to learn about cyber security

December 10, 2018   by Joyce M. Rosenberg - THE ASSOCIATED PRESS

Print this page Share

NEW YORK – It may seem obvious: Companies’ computers, mobile devices and accounts need secure passwords. But many small business owners don’t take the time to educate staffers about these very basic forms of cybersecurity. And staffers may not know that their passwords could be easily guessed by hackers and cyberthieves.

Whenever there’s news of a data breach at a big company, or people hear of a friend’s email being hacked, many computer users realize they need to change their passwords. It’s a good start, but not enough. A study by researchers at Virginia Tech’s Department of Computer Science found that it’s fairly easy to guess how people modify their passwords after a breach. The researchers used a computer program that was able about half the time to figure out what a new password was based on an existing one. A cyberthief could also use such a program. So, owners who want to increase their cybersecurity need to not only ask employees to change their passwords, but to also come up with entirely new ones – changing a password like “aardvark123” to “aardvark124’” isn’t secure.

But new passwords can also be problematic. Companies that make password protection software periodically release lists of the most common passwords and they include “123456” and “qwerty,” the letters in the top left-hand corner of a keyboard. “Password” is also popular as are “Iloveyou” and “starwars.” But even when computer users try to personalize their passwords, using their first names or favourite teams (the most often-used passwords in Britain included the names of soccer teams like Liverpool, Arsenal and Chelsea).

An employee might think that a hacker will never know the name of a pet. But if cyberthieves do some searching on social media, they can find the name and figure out a password like “Fluffy123.”

The United States Internal Revenue Service advises computer users to get creative and do a little free associating. For example, think of a series of items like those in your living room and create a password out of them. The IRS came up with BlueCouchFlowerBamboo. The Department of Homeland Security has a list of tips for creating passwords that can be given to employees _ owners can download it from the agency’s website. 

Cybersecurity experts advise against using the same password _ or guessable variations of one password _ for multiple accounts and devices. Employees may balk at having to remember different passwords, but keeping track of them can be simplified with password management software. It’s a bad idea for staffers to keep printed lists of their passwords in their desks.

Owners who want to step up their security should consider multi-factor authentication, which requires a password and a security code sent by text or email. Many financial institutions now use multi-factor authentication for online customers. Small businesses can buy multi-factor authentication software and apps or sign up with vendors that provide the service.

Print this page Share

1 Comment » for What workers need to learn about cyber security
  1. Garland Sharratt says:

    It would be good to more forcefully promote the use of password managers and MFA. It’s really important to have strong passwords (e.g., random and 16+ characters) and to never reuse passwords, and the only viable way to do this is to use a password manager. For important accounts, adding on MFA — Google Authenticator or Authy (instead of SMS, which is less secure) — on top of a strong, unique password will help to reduce the risk if the user falls for a phishing attack.

Have your say:

Your email address will not be published. Required fields are marked *