At STACK.aero we're aviation tech geeks who need to stay on top of general tech trends, especially when it comes to data security. One of the biggest risks faced by any organisation is a data breach, and most commonly these happen because of poor passwords and poor password management.
You’ve all been told to change your passwords regularly, but you also probably have 50 or more ‘sites’ that you log in to on a weekly basis. You have both personal and work tools, and you more than likely use the same password across multiple tools.
There is a great article here from a Microsoft MVP who is one of the leaders in data security practices: https://www.troyhunt.com/86-of-passwords-are-terrible-and-other-statistics/
Using the same password multiple times is ONE OF THE BIGGEST DATA SECURITY RISKS YOU FACE.
So…how do you manage it? Here are some tips:
Simple but effective (in order of effectiveness)
- Set up 2-step authentication for EVERY site which offers it - all your primary business tools (Office 365, Gmail, Exchange, Sharepoint) should offer this. It works via an additional SMS code, or an authenticator app on your phone.
- Use different passwords for each site you visit - the biggest risk is a data breach on one site, which is used to get your password and login to the other sites you use. See point 4 for an easy way to do this.
- Use secure internet browsers - this is always best practice, but especially if you are entering your email address anywhere online. Look for the ‘Secure’ link in the address bar.
- Use a Password Management tool (LastPass, 1Password, Dashlane & others) - at STACK.aero, we use LastPass to generate, save and encrypt our passwords. They also have mobile apps so that you can get your password on the road.
- Change passwords regularly - we’ve all been told it, but do you really do it? Or only when the site forces you to? See Point 4 – using a Password management tool makes this easy.
- Make sure your anti-virus is up to date - automate updates if possible.
Look out for...
- Unfamiliar weblinks - if you’re not sure, don’t click on it.
- Attached files – be careful when opening attachments from unfamiliar sources or that look different to normal (a strange filename extension is a good giveaway i.e. ‘.pif’). Attachments can contain a piece of software that once opened, installs itself onto your computer and provides hackers with direct access to your email and files
- The ‘reply’ address – always check this before sending sensitive information (right click on it to view details). Often the ‘display name’ looks legitimate, but the email address itself is suspicious.
- Requests for financial information - i.e. bank details. Hopefully you’re aware of this one already! Don’t feel strange double-checking, it could save you from disaster.
Going the extra mile.
- Use a phishing filter - in your email, and report junk email. If you use Outlook, install the Microsoft Reporting add-in and report junk or phishing emails: https://support.office.com/en-gb/article/enable-the-report-message-add-in-4250c4bc-6102-420b-9e0a-a95064837676?ui=en-US&rs=en-GB&ad=GB
- Install spam filters - on your email servers - if you already have them, set the sensitivity higher.
- More complicated things included security certificates, encryption, DNS securing etc – talk to your IT department or service provider to find out how best to address this