Human factor - 27 June 2022
Photo by regularguy.eth on Unsplash
You know who has access to your house keys; that's a foundation of security. But the older those keys are, the more likely it is that someone has a copy. So, have you recently changed the locks and keys in your home?
Fortunately, it's easier in the digital world. The "digital key" to your computer costs less to change. Changing your password is free, and only takes a few moments.
Passwords have become the common way to manage our lives in the digital world. Numerous daily life procedures now go through the Internet: banking, email, taxes, childcare, e-commerce... and require the creation of an account with confidential information. Access to these procedures is protected by passwords.
But having passwords is not enough: you must manage and protect them effectively.
IBM revealed in a study that the average cost of a data breach in 2021 was more than $4 million, a 10% increase from 2020. For some medium and small businesses, this can lead to a business shutdown if the financial cost is too great relative to their revenue.
For consumers, a weak or compromised password can mean becoming a victim of identity theft or embezzlement. While banks are becoming more efficient, once you're out of your account, getting your money back is complex. Also, regaining control after identity theft can be difficult and take many months, when you probably have other things to do.
Most hackers who use the brute force technique (testing all combinations of passwords until they find the right one) mainly try to guess short passwords. They make very few attempts to discover long and/or complex passwords. Microsoft security researcher Ross Bevington explained this in a post on LinkedIn.
According to the researcher, in 77% of observed cases, attackers attempted to crack a password that was between one and seven characters. Only 6% of brute force attacks were conducted to discover combinations of more than ten characters.
He reported that only 7% of the brute force attack attempts he analyzed included a special character. 39% of them included at least one digit. Attackers never used passwords with white spaces.
Hence the importance of having a strong password.
The harder the password is to guess, the stronger it is. For example, it should not represent an idea, a memory, a person or an object; otherwise, cybercriminals will be able to access our data easily. The ideal is a truly random password. Passwords that merely follow standard guidelines (one uppercase letter, six characters, one number and one special character) are not strong.
In an Odoxa poll, 81% of French people say they use complex passwords. That statement seems far from reality, since a study conducted by the Harris Interactive institute for Captain Cyber reveals that among the employees surveyed, 78% use identical passwords for multiple platforms, a behavior that is far from optimal in terms of security.
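The gap between a guideline-compliant password and a truly random one, shown as an added example that is not part of the original article: it checks the "standard guideline" described above, measures the exhaustive-search space in bits, and generates a random password with Python's `secrets` module. The 94-symbol alphabet, the sample password `Marie1!` and the minimum length of 11 are assumptions chosen for the illustration.

```python
import math
import secrets
import string

# Assumed alphabet: printable ASCII without whitespace (52 + 10 + 32 = 94).
ALPHABET = string.ascii_letters + string.digits + string.punctuation
# Assumed floor: one more than the 10 characters beyond which the article
# reports only 6% of observed brute-force attempts.
MIN_LENGTH = 11


def meets_standard_guideline(pw: str) -> bool:
    """Policy the article calls 'not strong': six characters,
    one uppercase letter, one number and one special character."""
    return (len(pw) >= 6
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def in_most_attacked_range(pw: str) -> bool:
    """True for 1-7 characters, the range the article says 77% of
    observed brute-force attempts focused on."""
    return 1 <= len(pw) <= 7


def search_space_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """log2 of the candidates an exhaustive search must cover for a
    uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def generate_password(length: int = 20) -> str:
    """Truly random password drawn from the OS CSPRNG via `secrets`."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    sample = "Marie1!"  # constructed sample: passes the guideline, still weak
    print("passes guideline:", meets_standard_guideline(sample))
    print("in most-attacked length range:", in_most_attacked_range(sample))
    print("6 random chars :", round(search_space_bits(6)), "bits")
    print("20 random chars:", round(search_space_bits(20)), "bits")
    print("generated:", generate_password())
```

The bit counts apply only to passwords chosen uniformly at random; a password built from a name or a memory offers far less than its length suggests.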
Remembering dozens of long and complex passwords is humanly impossible. Moreover, writing them down on a notepad or in your phone's notes makes it much too easy for cybercriminals. There is a solution: the password manager.
This software stores all your passwords and protects them by encrypting them; only a master password needs to be remembered to access all your accounts. If you have a Mac, you can use the Keychain app which, on the same principle, stores your passwords as well as your account information, and reduces the number of passwords to remember and manage.
The password manager is the best way to avoid saving passwords to a file, which 64% of French people report doing. Since a French person's number of accounts is well over ten, if not a hundred, using a password manager has become vital. Among the tools available: Dashlane, LastPass, 1Password, NordPass.
Two-factor authentication adds a second means of authentication in addition to the password.
This is especially vital to protect access to your bank accounts, your email account and your social network accounts, which are often also the gateway to other accounts.
The second factor can be, for example, a code sent by text message to your phone. Better still is a dedicated authentication application, such as Google Authenticator or Authy. Even more secure is a biometric USB key, such as a YubiKey.
Find the "Master my passwords" training in the Captain Cyber app (App Store and Google Play). Step by step, learn how to best secure your data by putting yourself in the shoes of the attackers, then take action. Password management will no longer hold any secrets for you!
She did it. Here's what Nathalie, an executive assistant, thought:
"The trainings are very interesting! I learned a lot, especially about managing my passwords. I immediately changed all my personal and professional passwords after the training."
What about you?