Passwords are one of the most basic security measures. According to the global cybersecurity company ESET, however, small and medium-sized enterprises now have to make a greater effort than in the past to manage and use them securely.
Why should SMEs pay so much attention to the passwords they use?
If you are a small business owner and you think your company is of no interest to cybercriminals, think again.
Small and medium-sized enterprises are a prized target for cybercriminals precisely because enterprises like yours have valuable data and more assets than consumers, while at the same time being more vulnerable than large enterprises, which have larger security budgets.
That's why you should pay close attention to the passwords that you and your employees use in your business.
According to the Verizon Data Breach Investigations Report 2017 (PDF), as many as 81% of data breaches are caused by weak or stolen passwords. Given that more than 5 billion passwords have been leaked online, basic protection with a password alone is no longer effective.
How attackers steal passwords
1. Scammers use simple techniques to obtain the passwords you use. One of them is observation: attackers steal passwords by watching potential victims as they type.
2. Cyber fraudsters take advantage of the weaknesses of "human nature" (e.g. curiosity, ignorance, etc.) and deceive their victims using social engineering techniques. By using an online form or email as bait (a phishing attack) that appears to come from a trusted sender, attackers manage to convince even well-trained users to reveal their passwords.
3. The most demanding attack techniques include intercepting the network traffic of devices used by employees working remotely or in a public place.
4. One of the most popular ways to crack the passwords you use is a brute-force attack. In this case, attackers try millions of password combinations in a short period of time until the correct one is found. This is why passwords must now be quite long. The more complex the password, the longer it takes for cybercriminals to guess it.
5. Cybercriminals who have gained access to a company's network can use malware to search for documents containing passwords or to log the keystrokes of passwords and send this information to their command-and-control (C&C) server.
How to create a good password policy
According to the international cybersecurity company ESET, if you own a small or medium-sized company, you can follow specific procedures to ensure that your company has an effective password policy:
• Your employees should be trained on how to create strong passwords (PDF).
• If you have an IT department, it should apply rules when developing and enforcing a specific password policy (PDF).
• Apply additional safeguards to increase password security.
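As an added illustration (not code from ESET or from the original article), the sketch below shows how an IT department could turn the points above into an automated check: it rejects passwords that are too short, that appear in a leaked list, or whose exhaustive-search time is too low. The guess rate, thresholds, pool sizes and the tiny leaked-password sample are all assumptions chosen for the example.

```python
import math
import string

# Illustrative assumptions, not values from the article or from ESET.
GUESSES_PER_SECOND = 1e10          # assumed offline guessing rate
MIN_LENGTH = 12                    # assumed policy minimum
MIN_YEARS_TO_EXHAUST = 100         # assumed required search time
SECONDS_PER_YEAR = 365 * 24 * 3600
# Constructed stand-in for a real leaked-password list.
LEAKED_SAMPLE = {"123456", "password", "qwerty123", "letmein2017!"}


def alphabet_size(password):
    """Size of the smallest character pool that covers the password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += 33
    if any(ord(c) > 127 for c in password):
        size += 100                # assumed pool for non-ASCII characters
    return size


def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Years to try every string of this length over the pool (upper bound)."""
    pool = alphabet_size(password)
    if pool == 0:
        return 0.0
    # Work in log10 so very long passwords do not overflow a float.
    log_years = len(password) * math.log10(pool) - math.log10(rate * SECONDS_PER_YEAR)
    return math.inf if log_years > 300 else 10 ** log_years


def check_password(password):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if password.lower() in LEAKED_SAMPLE:
        problems.append("found in leaked list")
    if years_to_exhaust(password) < MIN_YEARS_TO_EXHAUST:
        problems.append("brute-forceable")
    return problems
```

A 12-digit numeric password passes the length rule but is still flagged as brute-forceable, which is why the check looks at the character pool as well as the length.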
What else can your company do to protect your passwords?
To better protect the passwords of your company's employees, you can use two-factor authentication (2FA).
In this case, once two-factor authentication is set up, your employee will be asked to verify their identity with a one-time password in addition to their username and password.
In this way, you protect access to corporate systems even in cases where credentials have been leaked or stolen.
Because SMS and mobile devices are often the target of malware attacks, modern 2FA solutions do not use SMS verification. Instead, they opt for push notifications, as they are more secure and user-friendly.
Finally, to further increase the security of the authentication process, organizations can add biometrics (something the user is, such as a fingerprint), implementing multi-factor authentication (MFA).