The Ashely Madison hack was a wake up call for a lot of businesses around the world. Hackers infiltrated the extra-marital affair website’s security and released over 40 GB of internal data and customer information publically, ruining the website’s credibility and causing widespread concern about the security of the data that we entrust to apps and websites.
So, how did the hackers do it? Was it a software flaw? An effort that required months of planning and coding? An inside job?
Truth is, the flaw in Ashley Madison’s security was much simpler than that – while the hackers did spend years gathering information about the business (including 300 GB of employee emails and documents, user chats, credit card numbers, and photos), the information was basically there for the taking.
In a plot twist worthy of a Hollywood movie, the experienced hackers accessed much of Ashley Madison’s information simply by entering the password “pass1234”.
Despite Ashley Madison’s dubious moral code, no company deserves to have their information stolen by hackers. It’s easy to think that this won’t happen to you, especially if you run a small business. However, the lesson here is that if this kind of hacking job can happen to Ashley Madison, it really can happen to anyone.
Think about all the information that you have stored on your local servers. From internal emails and billing information to sensitive customer information or employee payroll data, there is a lot of information that hackers may want to access no matter what kind of business you run.
So, how do you safeguard your company and prevent it from becoming a target for hackers? The number one way to improve your virtual security is to invest some time and effort in developing secure passwords for every aspect of your business. “Pass1234” might be easy to remember, but it also places all of the client and business information that you have been entrusted with at risk.
If your company doesn’t already have an existing password protection policy, it’s important to discuss setting one up with your IT provider. Here are five key aspects of password protection that your IT provider will likely go over with you.
- Change your passwords regularly (these are commonly changed on a quarterly basis). This effort keeps passwords from being passed on through ex-employees, and can be a huge factor in preventing hackers from gaining ongoing access to your information.
- No passwords used for your company (whether by management, clients, or employees) should be the same as personal passwords that the individual uses.
- Passwords should never be shared in emails, over the phone, in security forms or questionnaires, written down and stored in the office, or stored electronically without encryption.
- Management and employees should never use the “Remember Password” feature that many applications and websites use.
- Passwords should actually resemble “passphrases” to protect your accounts from “dictionary attacks” (where hackers essentially use a program to try every word in the dictionary). Use several words with numbers, uppercase letters, and symbols interspersed to have a passphrase that is memorable, but also secure.
Making your passwords and your password policies more secure isn’t the huge effort that it may initially seem. It can be frustrating to have to remember new passwords quarterly, and to implement this policy across your business. However, the effort is definitely worth the peace of mind that comes from knowing you are taking concrete and practical steps against hackers accessing the sensitive data that your company controls.