"Change your passwords every 30 days!" This is a tip that has been thrown around freely over the last 20 years. While it might have been a safe practice 15 years ago, changes in cybersecurity technology mean that plenty of common cybersecurity tips aren't quite as valuable as they used to be. Our team at SeedSpark gets a lot of questions on staying safe online, so we're taking time to debunk some of the most common cybersecurity "tips" that we see each week.
There are plenty of scam messages and phishing emails that are easy to identify, but bad actors are getting more convincing each day. Many groups copy the look of common emails from financial institutions down to the pixel, meaning that the only way you can tell a real message from a fake one may be the sender's address (assuming it isn't masked). Additionally, some hackers sit in inboxes for weeks to monitor messages and plot their move. When an invoice is sent, it's possible for someone to intercept that message, replace routing numbers, and make off with thousands of dollars. Never take it for granted that a message is legitimate.
Keeping your password fresh might have worked years ago, but new technology has made this type of password protection obsolete. User habits can also make this security feature a risk, with many people admitting to just adding a simple number each time their IT admin requires a password change. If you start with "pa55w0rd", then it seems easy to keep going with "pa55w0rd1" and "pa55w0rd2" in the months ahead. It may make logging in easier, but these are also the first options that bad actors would try if your original password is leaked in a data breach. It's always best to use a password generator to create unique passwords for each account.
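The incrementing habit described above can be caught at the moment a password is changed. The following is an added example, not SeedSpark's code: the function names, the substitution table, and the 0.8 similarity threshold are assumptions, and it assumes the check runs during a password change, when the user has just typed the current password (stored hashes cannot be compared this way).

```python
import re
from difflib import SequenceMatcher

# Assumed substitution table: common "leetspeak" characters folded back to letters.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def base_form(password: str) -> str:
    """Reduce a password to the word a guesser would start from."""
    lowered = password.lower()
    # Drop leading/trailing digits and symbols: the counter or "!" users append.
    stripped = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    # An all-digit/symbol password strips to nothing; compare it unstripped.
    return (stripped or lowered).translate(LEET)


def is_trivial_variant(current: str, new: str, threshold: float = 0.8) -> bool:
    """True if `new` is the current password with only cosmetic changes."""
    a, b = base_form(current), base_form(new)
    if a == b:
        return True
    # One base wrapped inside the other, e.g. "password" -> "mypassword1".
    shorter, longer = sorted((a, b), key=len)
    if len(shorter) >= 4 and shorter in longer:
        return True
    # Near-identical bases (a swapped or inserted character or two).
    return SequenceMatcher(None, a, b).ratio() >= threshold


if __name__ == "__main__":
    current = "pa55w0rd"  # constructed sample, taken from the text above
    for candidate in ("pa55w0rd1", "pa55w0rd2", "Pa55w0rd!", "kT9#vQ2m$Lx7wZ"):
        verdict = "reject" if is_trivial_variant(current, candidate) else "accept"
        print(f"{candidate!r}: {verdict}")
```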
It's easy to assume that hackers will only target billion-dollar corporations. The reality is that any business is at risk, and small businesses are often prime targets due to traditionally aging technology and lackluster cybersecurity defenses. These networks are especially attractive to entry-level hackers. Any business, regardless of its size or its industry, should make cybersecurity as much of a priority as paying for electricity or water. It's a fundamental part of keeping your business afloat.
If your password is compromised and your MFA option - a phone number, email account, or authenticator app - is also compromised, then anything could happen. Personal emails and messaging platforms can be compromised if passwords aren't unique - one email and password combination can be tried automatically on thousands of accounts in a matter of minutes with bot networks, meaning that repeated uses could leave you vulnerable. Even so, Microsoft has shared that MFA still blocked over 99.9 percent of attacks on accounts, making it a must-have for anyone who is taking cybersecurity seriously.
Microsoft has improved its built-in cybersecurity features over the last 10 years, improving Microsoft Defender and making it a respectable option for the personal laptops of general internet users. However, Microsoft Defender and similar baked-in cybersecurity tools don't deliver enterprise-level protection. Hackers are targeting companies large and small, which makes leveraging AI more important than ever. Rather than relying on definition-based defenses, artificial intelligence continually learns about the latest threats to keep networks protected - that's certainly more protection than what Microsoft Defender provides.
Cybersecurity is tough for any one person or small team to tackle. Our team at SeedSpark has decades of experience in delivering state-of-the-art cybersecurity solutions to our clients, providing protection along with backup and disaster recovery solutions that let them know that their data is secure.