Need Help or Advice?
Call the Insight team
01273 475 500
The massive growth in people working remotely from home, alongside cloud computing services, has made poor password management a significant risk for businesses and individuals. In this post we encourage readers to make password security a high priority in 2023.
Passwords aren’t a new phenomenon. The Romans referred to them as ‘watchwords’ and they are referenced in the biblical book of Judges where they were used in military applications.
The first computer passwords are thought to have originated in the mid-1960s at the Massachusetts Institute of Technology. Their Compatible Time-Sharing System (CTSS) was a very early pioneer of many of the IT systems we are familiar with today including e-mail, instant messaging and file-sharing. Password protected accounts were used to enable individual users to use various terminals to log in and make use of the system.
But there has never been a time when ordinary people were required to establish and manage as many passwords as we are today. The average person today has around 191 services for which they need to manage login credentials.
Cybersecurity threats are a significant and growing concern for both organisations and individuals. Our daily lives involve multiple accounts, from banking to online shopping and streaming services. And cyber criminals know that many organisations don’t adequately prioritise password security. Here are some of the most common methods they use to steal passwords and personal credentials.
Phishing is a fraudulent practice in which targeted victims have their personal details stolen. This is typically achieved by sending messages, possibly via email or social media, that appear to be from legitimate sources but in fact contain malicious links which, when clicked, enable criminals to elicit personal information such as credit card numbers.
A brute force attack is a well-known hacking technique that uses trial and error to guess login credentials. Cybercriminals are able to purchase extensive lists of compromised account passwords from the Dark Web, a hidden part of the internet. Automated hacking tools quickly work through these lists, and often include password-guessing algorithms that enable passwords to be determined.
In targeted attacks cybercriminals identify specific people whose login credentials they want to acquire. They then investigate their social media accounts and all other aspects of their online activity and presence to determine their birth dates, addresses, information about other family members and any other personal details. They know that people tend to use memorable information such as their children’s names, previous addresses or birthdays to create their passwords.
SIM swapping is also known as SIM hijacking, SIM jacking, SIM splitting or a port-out scam. It’s a form of identity theft in which criminals exploit the mobile phone service provider’s ability to seamlessly port a phone number to a device containing a different subscriber identity module (SIM). This mobile number portability feature is normally used when a phone is lost or stolen, or a customer is switching service to a new phone. But fraudsters can exploit this service by convincing the service provider to port the victim’s phone number to the fraudster’s SIM. This is achieved by collecting enough personal information on the target to enable the criminal to appear to be legitimate to the mobile phone service provider.
A recent Verizon Data Breach Investigations Report shows that personal credentials are the main method used by cyber criminals to hack into business and organisational IT systems. Around 61% of business security breaches have been attributed to stolen credentials, and insecure password practices are recognised as being responsible for 81% of worldwide cyber attacks.
By following some basic password security best practices the risk of having login credentials stolen by cybercriminals is massively reduced.
It’s vitally important to overcome the ‘It won’t happen to me’ mindset when it comes to cybersecurity, because it will. Cyber security complacency is what cyber criminals exploit, so it’s important to overcome any reluctance you might have regarding your password use and security.
One of the most common password security failings is using the same password for multiple accounts. As noted, we all have numerous accounts and login credentials to remember, so it’s inevitable that many use the same passwords, often for both personal and business accounts. But this practice is obviously fraught with risk.
Another common password security failing is making passwords overly simple with very few characters. While this can help make them memorable it also makes them far easier to guess and hack.
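The failings described in this post (reused passwords, short passwords, passwords built from personal details, and passwords that already appear in compromised lists) can be checked for automatically. The following is an added example, not part of the original post; the 12-character minimum, the function names and all sample data are assumptions made for illustration.

```python
import hashlib
import re
from collections import defaultdict

MIN_LENGTH = 12  # assumed policy threshold; the post does not give a number

def sha1_hex(password):
    # SHA-1 is used only to match the form breach lists are commonly shared in,
    # never as a way to store passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def personal_tokens(details):
    """Lowercase words of 4+ letters, 4-digit years and full digit runs from dates."""
    tokens = set()
    for value in details:
        tokens.update(w.lower() for w in re.findall(r"[A-Za-z]{4,}", value))
        tokens.update(re.findall(r"(?:19|20)\d{2}", value))
        digits = re.sub(r"\D", "", value)
        if len(digits) >= 6:
            tokens.add(digits)
    return tokens

def audit_vault(vault, details, breached_sha1):
    """Return {account: [issues]} for a mapping of account name to password."""
    accounts_by_password = defaultdict(list)
    for account, password in vault.items():
        accounts_by_password[password].append(account)
    tokens = personal_tokens(details)
    findings = {}
    for account, password in vault.items():
        issues = []
        if len(accounts_by_password[password]) > 1:
            issues.append("reused")
        if len(password) < MIN_LENGTH:
            issues.append("too_short")
        if any(t in password.lower() for t in tokens):
            issues.append("personal_detail")
        if sha1_hex(password) in breached_sha1:
            issues.append("in_breach_list")
        findings[account] = issues
    return findings

# Constructed sample data: a made-up person, vault and breach list.
SAMPLE_VAULT = {"bank": "Olivia2015!", "email": "Olivia2015!",
                "shop": "sunshine", "work-vpn": "plinth-oxbow-carafe-muted"}
SAMPLE_DETAILS = ["Olivia Carter", "14/03/2015", "22 Harbour Road"]
SAMPLE_BREACHED = {sha1_hex("sunshine"), sha1_hex("password1")}

if __name__ == "__main__":
    for account, issues in audit_vault(SAMPLE_VAULT, SAMPLE_DETAILS, SAMPLE_BREACHED).items():
        print(account, issues or "ok")
```
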
Follow these actionable best practices now to make certain you are prepared for 2023.
Risk awareness is an important factor in establishing reliable cyber security for both organisations and businesses. Cyber criminals and scammers are continuously developing and refining their techniques, which is why we all need to take steps to bolster our online security wherever we can.
If you have any questions about your home or business security, or if you have any special requirements, remember that we are here to help. Give us a call on 01273 475500 and we’ll provide you with free, expert advice.
This message was added on Thursday 29th December 2022