No, fraud does not stop at the online world either. You have to put up the preventive hurdles yourself. How? Simply and inexpensively! One of my esteemed customers is the reason why I am taking up this topic today. As a successful online business entrepreneur, he knows what it means to protect his most valuable asset: his own data and that of his customers.
Supposed security of the entrepreneur – Online Fraud affects the others
Many entrepreneurs identify their risks. Some even do so on a regular basis. Nevertheless, the potential threat of online fraud is missing from most risk maps. The reason? It is perceived as something that only affects others.
For all those who now think "online business is none of my business": who said 10 years ago that “it’s enough if I can use my mobile phone”? And today? We do much more with our smartphones. The little helpers, which are getting bigger and bigger, are both a curse and a blessing. Yes, they can literally become a weapon and work against our business, namely when the machinations of a social engineer target us as humans, and our data.
Smaller companies in particular – even those with new business models, which often celebrate strong successes in online business – still regularly overlook this risk. But the perpetrators are looking everywhere for opportunities to enter the market. This also applies to third-party components used in online business. Preventive measures are therefore essential to protect the company from fraud.
Are we agreed that online fraud does not only affect others, but could also harm your business?
Our adversary: the malicious social engineer
Most of us are unaware of the consequences that the disclosure of passwords could have for us. How often do we even receive passwords via email? Together with the user name, or directly in the following email? With a subject line chosen so that not only the recipient knows for sure what it is about? This makes the work of the so-called malicious social engineer easier and makes abuse possible.
“How long does it take to crack a password?”
It depends. If the password is created from easy-to-remember personal information, then it takes less time. This includes hobbies, names and birthdays of family members, information about pets, etc. The attackers know this and, as mentioned elsewhere, they prepare themselves professionally.
Cracking an 8-character password made up of characters, numbers, uppercase and lowercase letters takes, in the longest case, 29 years with a powerful computer (capable of testing 1 million passwords per second). However, if the password is only five characters long – but also contains characters, numbers, uppercase letters and lowercase letters – it takes less than 30 minutes to crack it.
With the right strategy and its implementation, you can massively reduce this risk of data theft or data misuse.
Your friend and supporter – the password policy
None of us has to look far to learn that many of our fellow human beings use a password more than once. A password policy is an essential and effective way of preventing fraud. And it is very easy and inexpensive to implement compared to the defense against an attack. The damage caused by virtually direct access to passwords is many times higher, not least because of its greater reach.
Strong passwords are important, as already mentioned. But they are of little use if they are not kept confidential. Therefore, it is just as important to refrain from exchanging passwords among employees. Practice often shows that there is still room for improvement. Passwords are used several times on different websites and applications. We are all aware of the reasons for this.
Six tips and tricks for strong passwords
Without going into all the innumerable possibilities and safety factors, I would like to give you a few simple principles.
Long passwords are safer than short ones, provided the long password does not consist of only one or a few letters. You should also avoid using sequences of numbers or rows of keys.
Complex passwords are more secure than simple ones. A combination of letters (capital AND small), numbers and special characters increases security. However, if the password specifications (length, requirements for letters, numbers, special characters) are also visible to attackers, security is reduced again!
In Leetspeak, letters are replaced by similar-looking special characters and numbers. The variants are numerous and sometimes sophisticated. But beware: users nevertheless often apply them in very obvious ways. The attackers have so-called Leetspeak dictionaries which they use, so the obvious Leetspeak substitutions are no real challenge. However, as a variant, Leetspeak can be part of your password.
These are sentences that you create for yourself and from which you then use, for example, the first character of each word. Example: "I’m sitting in my office by the lake today, it’s January 2, 2020". The result would be the following password: IshimOaS_eid22
That is 14 characters, after all. Where there is a comma, I place a special character in the form of an underscore. The combination of seemingly random characters increases the length, the complexity and thus also the security.
5. Out of dictionary
The most important point: do not use words and phrases that are in a dictionary, regardless of the language. Attackers also have electronic dictionaries for pet names, which they run through the login screens.
6. Changes of strong passwords
And last but not least, even strong passwords have to be changed regularly, be it every two, four or six months. A password manager can be an effective support for this – as well as for other security measures regarding the generation, storage and adjustment of strong passwords.
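The tips on length, complexity, key rows, Leetspeak and dictionary words can be enforced at the moment a password is set. The following Python code is an added example, not part of the original article; the tiny word list, the Leetspeak table, the keyboard rows and the 12-character minimum are assumptions chosen for illustration.

```python
import re

# Constructed sample data (assumptions, not from the article): a tiny word list
# standing in for a real dictionary, and a small Leetspeak substitution table.
WORDLIST = {"password", "bella", "sommer", "welcome"}
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
KEY_ROWS = ["qwertzuiop", "qwertyuiop", "asdfghjkl", "yxcvbnm", "zxcvbnm",
            "0123456789", "abcdefghijklmnopqrstuvwxyz"]


def has_sequence(pw, run=4):
    """True if pw contains `run` neighbouring keys, digits or letters, in either direction."""
    low = pw.lower()
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False


def dictionary_hit(pw):
    """Undo obvious Leetspeak, drop non-letters, then search for dictionary words."""
    plain = re.sub(r"[^a-z]", "", pw.lower().translate(LEET))
    return next((w for w in sorted(WORDLIST) if w in plain), None)


def check_password(pw, min_length=12):
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < min_length:
        problems.append("too short")
    if len(set(pw.lower())) <= 3:
        problems.append("only one or a few distinct characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]
    if sum(bool(re.search(c, pw)) for c in classes) < 4:
        problems.append("missing a character class")
    if has_sequence(pw):
        problems.append("keyboard row or number sequence")
    word = dictionary_hit(pw)
    if word:
        problems.append(f"dictionary word '{word}' (after leetspeak normalisation)")
    return problems
```

With these assumptions, the article's example IshimOaS_eid22 passes, while P@$$w0rd2020!! is rejected even though it is long and uses all four character classes, because undoing the substitutions reveals "password".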
In this spirit, I wish you a “safe” start into the new year with these six simple elements for creating and handling strong passwords.