Optimize Your  Business Online

How to Protect Your Business's Most At-Risk Password

By: Dave Kramer Friday January 1, 2016 comments Tags: small business, cyber security, email security

As a business owner, you almost certainly have a lot of online accounts. Some of these are personal, some professional, and many straddle the line between the two. Most of those accounts have passwords.

Hopefully you have at least a few different passwords, and don’t just use the same one for all your accounts. Hopefully you also use long, complex passwords, with upper- and lower-case letters, symbols, and numbers.

So what do you do when you forget one of those passwords and lock yourself out?

In most cases, you use your email to either reset your password or to get a reminder sent. Your username is usually sent along with it. This means that anyone with access to the email box linked to your accounts can log into any of them.

This makes your email password the most important password for protecting your business’s information. Here are some tips to protect your email password from hackers and your employees alike, so you can keep the rest of your accounts as secure as possible.

Take Password Creation Seriously

The first step to securing your email box is, of course, to set a good, strong password. Especially since your email address is easy to find and public (particularly for businesses), your password needs to be highly-secure.

Password Best Practices

  • 12-20 characters long—the ones our password manager generates are 20 characters
  • Contain upper- and lower-case letters, numbers, and symbols
  • Unique password, not used for any other accounts
  • No obvious keywords, like your name or birthday
  • Should be something others can’t memorize

Are You Making This Security Question Mistake?

Security questions are, in theory, a good way to make passwords more secure. In many cases, when you use email to reset or recover a password, you’ll be asked security questions before you can proceed.

The problem with security questions is, Facebook has made most information about you accessible to anyone with an internet connection. Mother’s maiden name? Can be found online—all they have to do is find your mom on Facebook. High school? Same story. Even your pet’s name can likely be found on Facebook.

So here are your options, if you want your security questions to actually be secure:

“Why Would You Ask That?”

If you can choose your own questions, make them very personal and un-guessable. If you’re in doubt about whether the answer to one of your questions can be found online, go investigate.

Avoid the Question

If you can only choose from a few questions, you might want to answer the questions in unconventional, tricky ways. For example, you might use a system to construct nonsense answers based on the words of the question – like taking the second letter from each word in the question.

Q: “What is your mother’s maiden name?”

A: “hsooaa”

No one’s likely to guess that. There are all kinds of systems you can use to create answers that will be obvious to you, but are totally un-guessable.

Tack on a Few Extra Characters

You could also add a 4-number PIN or a unique word to the start or end of every answer.

Q: “What is your mother’s maiden name?”

A: “Jenkins8529”

OR

Q: “What is your mother’s maiden name?”

A: “JenkinsNematode”

Again, why would anyone happen to guess that?

Click here to learn how to protect your passwords from disgruntled employees.

Guard Against Both Physical and Virtual Attacks

When you’re talking about security for your business’s information, you have to consider both virtual attacks and physical attacks.

Virtual attacks are things like hackers attempting to guess your passwords or snoop on your information. Physical attacks are related to physical objects, whether that’s looking at paperwork on your desk or directly accessing your personal computer or phone.

If someone gets access to your laptop or phone, you could be in big trouble. Most of us stay logged into many accounts all the time, especially email. This means that, with your phone in hand, an attacker could systematically access one of your accounts at a time, recovering the password through the email on your phone.

To combat this, make sure your devices lock when you’re away, and enable a remote wipe for your phone in particular. At any evidence that one of your devices has been compromised, change your passwords—starting with your email.

Make your exhibit stand out at the next trade show with convertible table covers by Best of Signs

Use a Password Manager

“Forgot Password?” systems are a necessary evil of our password system as a whole. They’re one of the weakest links in the system, because they put a disproportionate importance on the security of your email account. This is unfortunate, because email tends to be one of our least secure accounts, because we have to log into it so frequently.

If everyone used a cloud-based password manager, so no password is ever really “forgotten,” we could afford to make those “Forgot Password” systems a lot less easy to access. That would be a huge benefit to cyber security as a whole.

In the meantime, you can use a password manager to keep your own information secure. Using a password manager makes it practical for your business to use a unique, random password for each account, adhering to experts’ best practices.

The first password you should generate? A real humdinger to guard your email account!

What do you do to protect your email account? Let us know in the comments!

Dave Kramer

About the Author: Dave Kramer

Dave Kramer has been creatively coding software to manage his own small businesses since he was 7, culminating in over 30 years of business management and programming experience. He is the founder of AllProWebTools – an online workflow management dashboard for small businesses. He is passionate about using software tools to simplify business management, leaving business owners more time to do what they love. Dave and his team have helped small businesses all across America to exceed their goals and reduce stress.

Visit Website