The Australian Cyber Security Centre and Cyber Wardens have teamed up to help small business owners strengthen their passwords and keep cyber criminals out.
Passwords and passphrases (a.k.a. a string of words like PurpleCyberResearchSafe) are the first line of defence in keeping your business safe. If cyber criminals crack your password, they’ve got the keys to your business. They can steal your hard-earned cash, redirect invoices to their own bank account, access your confidential information or commit fraud by pretending to be you.
With so much at stake, it would be easy to assume that everyone knows and practises good password hygiene. But new research shows Australian small businesses have a long way to go to ensure their passwords are as safe as they could be.
A survey of more than 2000 small business owners and their employees shows that one in two has basic password vulnerabilities:
- Only 54% of businesses consistently avoid sharing passwords
- Multi-Factor Authentication (MFA), where a second step of verification is required to access accounts, is used consistently only 53% of the time
- One in five never uses a password manager or is unsure.
Password processes matter
In-person workers and password management
What to do about it:
- Cyber Wardens can do a quick physical audit of the office space to ensure no passwords are displayed on post-its attached to monitors.
- Include posters prompting cyber-safe password processes near workstations.
Casual workers and password management
What to do about it:
- Ensure your casual team members have the skills and tools to keep your business cyber-safe. Consistency is key, so set clear password policies and ensure everyone, casual or permanent, sticks to them.
- Regularly audit your user accounts to ensure casuals who are not actively working for you have been removed from the system. This protects your business and may save money as well.
Improving your small business password skills
1. Sharing is not caring
Don’t share passwords between programs and don’t share them between team members either.
2. Upgrade from a password to a passphrase
Update your passwords to a random combination of words called a passphrase. It’s easier to remember and tougher for cyber criminals to crack. For example, “crystal onion clay pretzel”.
3. Add a virtual deadbolt to your doors
Multi-Factor Authentication (MFA) gives you that extra layer of security, like adding a deadbolt to your doors.
MFA works by adding extra safety steps to confirm it’s really you trying to get into your account. There are a few ways it can do this, but the most common is sending a one-off code to your phone or through a special app.
This extra layer helps prevent cyber criminals from accessing your business information if your password is compromised.
PRO TIP: Don’t forget, it’s important to roll out MFA for all of your team members and accounts.
4. Use a password manager
Passwords can be difficult to remember, right? Getting your team members to use a password manager takes the difficulty out of remembering multiple complex passwords and keeps them secure. Even better? Password managers can generate those hard-to-crack passwords for you.