In 2014 you likely heard about a massive data security breach in which 1.2 billion—yes, BILLION—email address and password combinations were stolen by Russian hackers. According to the New York Times, this was the largest known collection of stolen Internet credentials—and that means there is a good likelihood that it could have affected you or someone you know. At least 420,000 websites were discovered as part of this hack, including household names—which means everyone from college students to mommy bloggers to small business owners was put at risk of fraud and theft.
When Changing Your Password Goes From Annoying to Terrifying
For those of us with information stored in the cloud—a growing number by the day—concerns turn from simple annoyances (“Need to change my Staples password again!”) to gut-wrenching horror (“My financial data is in the cloud! Somebody stop them!!!”). With more of our clients turning to cloud-based accounting software to manage everything from their bookkeeping and payroll to expense reporting and time tracking, we know there is a lot of sensitive data floating around in the cloud—and a lot of reliance on accounting technology providers to protect this data.
Small Business Financial Data is More Vulnerable
Small business owners are especially vulnerable to this because they do not (and likely could not) have the capabilities in-house to safeguard against outside threats. They are forced to depend on their vendors to provide security and protections—often without much support to review and analyze the measures in place. However, when it comes to financial data, you can never be too safe or too involved in the security in place.
To make sure your data is safe (and stays safe!), we’ve put together a list of best practices for creating safe ID and password combinations. Let us know if you have other password protection policies in place—and then get to updating your information today!
Best Practices for Safeguarding Your Internet Credentials
- Create a unique ID and password combination for every login you have.
- Mandate that every employee create a unique ID and password combination for each unique app or access point.
- Make sure your email password(s) are different from all others, and change them every 30 days as well as in the event of any breach.
- Use 2-Step Verification processes where available, especially in securing email accounts. Gaining access to email accounts is the easiest way for a hacker to take over all of your accounts in moments because most software programs use password reset via email.
- Use OAuth processes where available to allow third-party access without sharing passwords across platforms.
- Skip the obvious password combinations (anniversaries, children, pets, etc.)—it is easier than ever to track down personal information online and guess at password combinations.
- Keep software, apps and operating systems up-to-date. Bugs are discovered every day and patches are pushed out—automatic updates will help keep you protected.
- Keep your security software up-to-date.
- Limit sharing of personal data on unnecessary sites. You may not have a choice on all sites, especially those where you are required to share financial or legal information—but skip sharing your birthdate on irrelevant sites. Staples may want to send you a birthday discount code—but a fake birthday will do just as well while still protecting your personal information from the next group to hack into their database.