Best password practices

Password is not an acceptable password, ever.

Fabio Suffell | 26-07-17

I am going to have to park the nice guy attitude for a minute. If you are logging into your systems with a password that is not complicated, you will be hacked - maybe not this week but IT WILL HAPPEN. 

This month alone we have had 2 customers that I know of, hacked because they had simple passwords and had not implemented our recommendations. Luckily we recovered everything within a few hours for both of these customers. These breaches should never have happened and would never have happened if complicated passwords were in use.

In the last month, we were asked to investigate a hack from a building company that was not a client. They had their email account hacked, and the hackers sent a change of banking details to a client of that building company. Twenty-five thousand dollars was paid into the wrong account and was never seen again.

These are real stories from real Western Australian businesses. There are thousands more. Security is a pain. Locking your car and house is a pain, but you do that. If you are logging onto any system with a password that does not at least meet the following requirements, that system is at risk. 

  • At least eight characters
  • Mix of capital letters and lower-case letters
  • Non-alphanumeric characters (special characters) (for example, !, $, #, %)
  • No words

I suggest you think of a sentence and make a password from that.

‘The cat sat on the mat’ creates a password of Tc50tMAT*% 

  • S can be replaced by 5
  • O can be replaced by 0
  • E can be replaced by 3
  • I can be replaced by 1
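The four requirements above can be checked automatically when a password is set. The following is an added example, not code from this article: the function names, the small constructed word list and the four-letter minimum for a "word" are assumptions, and the digit substitutions listed above are reversed first so that a disguised dictionary word is still caught.

```python
import re

# Substitutions listed in the article, reversed (digit -> letter) so that a
# disguised word such as "Pa55w0rd" is still recognised as a word.
DELEET = str.maketrans({"5": "s", "0": "o", "3": "e", "1": "i"})

# Constructed sample list for this demo; a real deployment would load a full
# dictionary and a list of known-breached passwords instead.
SAMPLE_WORDS = {"password", "welcome", "letmein", "dragon", "monkey",
                "summer", "perth", "admin", "qwerty"}

MIN_LENGTH = 8  # "eight characters" rule from the article
MIN_WORD = 4    # assumption: only words of four or more letters are flagged


def find_words(password, words=SAMPLE_WORDS):
    """Return the dictionary words hidden in the password, sorted."""
    folded = password.lower().translate(DELEET)
    # Also test with separators stripped, so "p.a.s.s.w.o.r.d" is caught.
    letters_only = re.sub(r"[^a-z]", "", folded)
    hits = set()
    for candidate in (folded, letters_only):
        hits.update(w for w in words if len(w) >= MIN_WORD and w in candidate)
    return sorted(hits)


def check_password(password, words=SAMPLE_WORDS):
    """Return the names of the rules the password fails (empty list = pass)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    if not (re.search(r"[A-Z]", password) and re.search(r"[a-z]", password)):
        failures.append("mixed_case")
    if not re.search(r"[^A-Za-z0-9]", password):
        failures.append("special_char")
    if find_words(password, words):
        failures.append("contains_word")
    return failures


if __name__ == "__main__":
    for pw in ("Password", "Pa55w0rd!", "Tc50tMAT*%"):
        print(pw, check_password(pw) or "meets all four rules")
```
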

I would also recommend using two-factor authentication wherever possible. Two-factor authentication is an extra layer of security designed to ensure that you're the only person who can access your account, even if someone knows your password. In addition to your password, you’ll also need a code generated by an app on your phone. Many sites you log into now have this feature. Xero and Google are two that I use.

Please also look at the password software LastPass. This has helped me improve the passwords that I use for all the sites I log into. Please use different passwords for different sites; LastPass helps with this as well. LastPass also has two-factor authentication and is a lot safer than your internet browser remembering your passwords.


Good luck and stay safe out there, because while you read this someone was probably trying to hack something of yours.


