SMEs, You’re Making it too Easy for Cyber Criminals
Cybercrime is on the rise. The proportion of UK firms reporting a cyber-attack has jumped, yet most businesses admitted they are under-prepared for breaches, according to research from Hiscox.
One in every hundred emails sent around the globe has malicious intent, whether to deliver malware, conduct spear-phishing, commit fraud or carry out other criminal activity. In many cases, it takes just one successful malicious email to give attackers a doorway into the back end of a target network and a route to significant damage.
But every day, someone opens an email or a link and literally opens the door for a cybercriminal.
Cyber-attacks come in many shapes and sizes, but the vast majority are opportunistic and very basic in nature, carried out by relatively unskilled individuals. They’re the digital equivalent of a burglar trying your front door to see if it’s unlocked.
In most instances, cyber criminals either want to get hold of personal data or customer data so they can use it, sell it on the dark web, or simply hold it for ransom.
Although terminology such as ‘cyber attacks’ and ‘hackers’ conjures up images of sophisticated teams of computer experts with high-tech equipment, attacks are much more likely to occur through mundane errors like a user choosing an easy-to-guess password or not changing the default password on a router.
Predictably, the worst passwords tend to be the most hacked, simply because they are far too easy to crack. The UK’s National Cyber Security Centre (NCSC) analysed the 100,000 most commonly re-occurring passwords accessed by hackers in global cyber breaches, and its findings demonstrate how easy we make it for hackers: 23.2 million of those hacked worldwide used the password “123456”!
- 123456 (23.2m)
- 123456789 (7.7m)
- qwerty (3.8m)
- password (3.6m)
- 1111111 (3.1m)
- 12345678 (2.9m)
- abc123 (2.8m)
- 1234567 (2.5m)
- password1 (2.4m)
- 12345 (2.3m)
It goes without saying that if you see your password on the list, you need to change it now. You can also start to follow a few simple guidelines. Passwords need to be strong, but they should also be unique across each of your different accounts.
Of course, some accounts hold more sensitive details than others – your email for example. But concerningly, less than half of those surveyed by the NCSC say they do not always use a strong, separate password for their main email account. The NCSC itself offers a lot of helpful advice on its site, including avoiding credential reuse and choosing strong passwords made up of three or more random but memorable words.
Better still, use a password manager such as LastPass or 1Password. This creates passwords for you, which removes the need to remember them. The password manager itself needs to be secured with a master password, which must be strong, or hackers could access all of your credentials in one handy place.
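The guidance above can be checked mechanically. The following Python is an added example, not code from this article or from the NCSC: it flags any password that appears in the list above or is reused across accounts, and builds a three-random-word passphrase. The function names, the sample word list and the demo accounts are all constructed for illustration.

```python
import secrets
from collections import defaultdict

# The ten most-breached passwords listed in this article.
COMMON_PASSWORDS = {
    "123456", "123456789", "qwerty", "password", "1111111",
    "12345678", "abc123", "1234567", "password1", "12345",
}

# Constructed sample words; a real list needs thousands of entries.
SAMPLE_WORDS = ["tidal", "walnut", "copper", "meadow", "lantern",
                "biscuit", "harbour", "violin", "pebble", "saddle"]


def audit_passwords(accounts):
    """Map account name -> list of problems (listed password, reuse)."""
    findings = defaultdict(list)
    by_password = defaultdict(list)
    for name, password in accounts.items():
        by_password[password].append(name)
        # Case and stray spaces do not rescue a listed password.
        if password.strip().lower() in COMMON_PASSWORDS:
            findings[name].append("on common-password list")
    for names in by_password.values():
        if len(names) > 1:  # same password on several accounts
            for name in names:
                others = sorted(n for n in names if n != name)
                findings[name].append("reused on: " + ", ".join(others))
    return dict(findings)


def three_random_words(words=SAMPLE_WORDS, sep="-"):
    """Join three distinct words chosen with the OS CSPRNG."""
    return sep.join(secrets.SystemRandom().sample(words, 3))


if __name__ == "__main__":
    # Constructed accounts for demonstration only.
    demo = {"email": "Password1", "bank": "tidal-walnut-copper",
            "shop": "tidal-walnut-copper", "router": "k9#Vt!2qLm"}
    for account, problems in audit_passwords(demo).items():
        print(account, "->", "; ".join(problems))
    print("suggested passphrase:", three_random_words())
```

Run it only on a machine you trust, and delete any plain-text export of your passwords once the check is done.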
We help SME owners across Yorkshire and beyond understand the risks to their business from cyber threats. We give them peace of mind by running a free dark web search to check if their data is already for sale on the dark web and help them take steps to prevent it being used against them.
If you’re worried your SME might be at risk from a cyber attack, get in touch right away.