Historically, cyber security has been regarded as a function of the IT department. However, I heard this quote at a cyber security event: “Do you have the IT team in charge of the ‘don't murder people’ policy? So why do they control GDPR compliance? It's a law.”
It is critical that your people are properly prepared for their role in improving security.
So, how many passwords do you have?
1. One for every site you visit?
2. One for any site you visit?
3. One slightly changed for sites you visit?
4. A mixture of different ones across sites?
Most people are a 3 or a 4. Password re-use is still a major risk for individuals and companies; for example, the password '123456' has been found 23 million times in breach data.
You can check if the passwords you use have been found in any breaches here:
The same site will also tell you if your email address is on any breach lists. If your email is on any of these lists and you are still using a password the same as or similar to one from those breaches, then CHANGE YOUR PASSWORD!
You're probably aware that there's a lot of guidance out there on what makes a good password, and it can be incredibly confusing. The latest recommendation is that you create passwords using three random words. You just put them together, like 'coffeetrainfish' or 'walltinshirt'.
However, it is even more secure to use Coffee-Train-Fish-21!
So 'coffeetrainfish' would take a computer 1000 years to crack, but 'Coffee-Train-Fish-21' would take 42 quintillion years! Bit of a difference.
You can choose words that are memorable, but you should avoid those which might be easy to guess, such as 'onetwothree', or which are closely related to you personally, such as the names of family members or pets. Also avoid patterns like Amazon.Word1.Word2 for Amazon UK and LinkedIn.Word1.Word2 for LinkedIn, as the rest can be guessed if one site gets breached.
Ultimately, the choices you make regarding passwords are up to you. This blog post is intended to help inform you as you make password decisions and explain a little bit of the cyber security rationale behind our three random words guidance.
You can find a random word generator here https://correcthorsebatterystaple.net/
Then you can test your password strength here https://www.security.org/how-secure-is-my-password/
For the best in security you can use a password manager. These are services with a very high level of security that save all of your passwords in one place. You then only have to remember the one password used to log in to the manager itself.
LastPass - https://www.lastpass.com/
Bitwarden (Open Source) - https://bitwarden.com/
Dashlane - https://www.dashlane.com/
Roboform - https://www.roboform.com/
Sticky Password - https://www.stickypassword.com/
A simpler version of this is to store your passwords in a Microsoft Office 2016 or later document protected with a long password. However, if you forget that password there is nothing you can do, and they will all be lost.
I even know some people who never save any passwords and always use the password reminder link to get into websites.
Stay Safe Online
The GDPR talks about information security and the training of your teams. This can get a bit expensive if you have a high turnover of staff and volunteers. The National Cyber Security Centre has created the following simple online training programme which anyone can access:
The National Cyber Security Centre has some really good advice and guidelines, which you can find here https://www.ncsc.gov.uk/collection/small-business-guide
Or you can download the infographic here https://www.ncsc.gov.uk/collection/small-business-guide/cyber-security-small-business-guide-infographic
Phishing is the number one attack method used to gain access to your data. Can you spot a phishing email? Some are very, very sophisticated, especially if you are being targeted. You can have a go at the Google Phishing Quiz here:
Stay Safe out there everyone! Remember...