by our very own Jasmine Ruscoe. Image from Visualhunt. ~ WizeOwl
We live in an increasingly technology-driven world. It allows us to do wonderful, useful, and creative things such as work from home, shop online, and access photos and other information from almost anywhere. However, as the opportunities presented by technology increase, so do the risks, and with increasingly complex security requirements emerging every day, most of us can no longer afford to let online security pass us by – especially not at work.
Now, you might be wondering what exactly password security has to do with bookkeeping. First of all, it is important to us due to the sensitive nature of the information we handle on a daily basis. Secondly, we are concerned by how many of the businesses we interact with seem to have very little concern about, or protection against, this problem.
What is the problem?
Poor password security leaves you vulnerable to a wide range of threats, including but not limited to:
- Invasion of privacy;
- Information theft, including information about yourself and your business, but possibly also about your family and/or clients, whose information you can access. This can also potentially expose you to fines and to civil lawsuits from victims.
- Obstruction of your business operations and/or reputation by locking you out of accounts, altering settings, or misusing accounts, including social media accounts.
- Sabotage; for example, using your or your business’ money to make compromising purchases which may have significant social, financial, or legal consequences.
What can I do about it?
The good news is, there are many simple actions you can take to protect yourself. Here are some of our favourites.
- Use strong passwords and don’t repeat passwords across accounts, especially important ones such as banking – You may have heard this advice before, but believe it or not, “password” and “12345” are still amongst the top 5 most common passwords! Armed with this information, hackers can access thousands of accounts with minimal effort; don’t let yours be one of them.
- Avoid using names and birthdays. This is common for work logins and the like, which tend to assign passwords such as “jsmith67”. While easy to remember, this structure is commonly used for passwords and relies on information that is easy to find. It may be better than the good old “password,” but we still recommend mixing it up. For example, you may want to try: using different words altogether, allowing your employees to create their own, non-systematic passwords once logged in, or adding other words, letters or symbols; for example, “jsmithapple67”.
- Use Two Factor Authentication – This is an increasingly common method of online security and it is currently one of the more advanced forms. It refers to any system where the person logging in needs not only the username and password, but also another method of verification, e.g. an SMS or a unique one-time-use code such as those generated by Google Authenticator. Many people find this unnecessary and annoying, and while we definitely sympathise, we think that the consequences of an information breach – especially one involving sensitive information such as financial records – will be much more annoying! As they say, a stitch in time saves nine. You may also find that TFA is becoming compulsory on some platforms, so get ahead of it and make sure you are prepared.
- Use a Password Manager – You are not alone in your ten-thousand-password-filled nightmare, but fortunately, there is a solution. Password Managers are programs in which you can store passwords for everything from online shopping to banking and more. The best thing is, you only have to remember one password – the password to the Manager itself – in order to access all these accounts. Password Managers are more secure than writing passwords down on paper or on things like a Google Doc, which may be easily seen by the wrong people. That is not to say that Password Managers are infallible, and some have indeed been targeted by online attacks in the past, but at Bizwize, we have found our Password Manager great for convenience, security and peace of mind.
- Don’t store passwords on your phone and, especially if you do, be prepared to remotely find and lock or wipe it. Not everyone who finds or even steals a phone will be interested in fraud, but if someone physically has your phone, this is one of the most effective ways to hack you – including getting past Two Factor Authentication. Security measures such as Find My Phone or Find My Device allow you to control your phone remotely if it has been lost or stolen, but only if you activated them while the device was still in your possession, so don’t wait until it’s too late!
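For anyone who assigns or reviews work logins, the advice above about common passwords and name-and-birthday passwords can be turned into a simple check. The following is an added example, not something from Bizwize or any particular product; the function name, the sample employee details and the reading of “67” as a birth year are assumptions made for illustration.

```python
import re

# Constructed sample list; the article names only these two.
COMMON_PASSWORDS = {"password", "12345"}

def guessable_parts(password, first_name, surname, birth_year):
    """Return the reasons a password is easy to guess for this account holder."""
    pw = password.lower()
    first, last = first_name.lower(), surname.lower()
    reasons = []

    if pw in COMMON_PASSWORDS:
        reasons.append("common password")

    # Name tokens: first name, surname, and initial + surname ("jsmith").
    if any(len(t) >= 3 and t in pw for t in (first, last, first[0] + last)):
        reasons.append("contains name")

    # Birth year written as four digits ("1967") or two ("67").
    year = str(birth_year)
    runs = re.findall(r"\d+", pw)
    if any(run == year[2:] or year in run for run in runs):
        reasons.append("contains birth year")

    # The systematic structure itself: initial + surname + two digits.
    if re.fullmatch(re.escape(first[0] + last) + r"\d{2}", pw):
        reasons.append("initial+surname+digits structure")

    return reasons

if __name__ == "__main__":
    # Constructed account holder and candidate passwords.
    for candidate in ("jsmith67", "jsmithapple67", "12345", "tidal-walnut-crane-42"):
        found = guessable_parts(candidate, "John", "Smith", 1967)
        print(f"{candidate!r}: {', '.join(found) or 'no guessable parts found'}")
```

A password that adds a word to the assigned one, such as “jsmithapple67”, no longer matches the systematic structure but is still reported as containing the name and the year.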