Imagine this: your business has just invested a whole load of time and money in moving everyone over to Office 365. You maybe even bought brand new laptops to get everyone working from the cloud, but you didn’t take the security bit seriously. You rejected the offer for the better licence with more security because it was “too expensive”. And you didn’t want to turn on some of the basic security features like Multi-Factor Authentication because it was “too difficult for the users”.
…And then you get hacked. Your business gets compromised: all of your emails, your customer contacts, your invoices and even the files that you put in SharePoint are visible to the hackers.
That’s exactly what happened to a client we recently helped after they had suffered a data breach. As a small business, they had wanted to reduce costs on Office 365. The owners didn’t want to have complicated passwords or additional password security like Multi-Factor Authentication.
They’re not alone: a staggering 81% of data breaches were down to weak or stolen passwords. Passwords and email phishing attacks are still the top 2 ways that people steal your data.
People still are not taking password security seriously. We’ve seen people write down their passwords onto post-it notes and stick them onto the monitor and even write them on whiteboards in meeting rooms. We’ve also seen people insist that their password is changed to ‘Password1’ – with a capital ‘P’, because that should stop the hackers… and this usually is the CEO or FD.
Make your password complex. If you have an IT Team, get them to make the password requirements complex. This will force people to use a better password. It used to be that we would insist everyone had an 8-character password and changed it every 30 days. But this advice has now changed.
The recommendation is to have a really strong password, somewhere between 12 and 15 characters. This then won’t need to be changed every 30 days.
It’s easier than you actually think; we’re saying your password wants to be
So instead of thinking of something like – 6z_@S;4#bR%NDm3
Why not try a shorter sentence; WhoLikesTerminator2?!
Here we have used upper case, lower case, numbers and special characters, but it’s a lot easier to remember.
MFA is used by banks, social media and even TV streaming services. Most of us are already using it at home. When you log into your bank or even your Xbox with your password from a new device or a new location, you get a text message or an app pop-up on your phone to check it’s definitely you.
It’s the same with your business data. When Office 365 sees you logging in from a new device or a new location, it’s going to check that it’s you. If it genuinely is you, it takes two seconds to click approve on your app. If it’s not you, it won’t let the hackers who managed to steal your password log in, as they don’t have access to your mobile phone.
So if you’d like to understand more simple steps you can take to safeguard your team and your customer data against these really common hacks, give me a shout – email@example.com