Scoop has an Ethical Paywall
Licence needed for work use Learn More

Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search

 

Compromised Passwords: Don’t Ignore Those IPhone Alerts

Kiwis with iPhones who recently starting noticing alerts notifying them that their passwords are compromised should not ignore the alerts if they want to keep their details and account information safe.

"Some are ignoring the iPhone alerts, or they are suspicious of them, but it's a good thing that Apple is doing. There are many large databases of stolen credentials on the Internet, and these alerts let you know that you are compromised.

"When Apple, or any other large provider, queries a database of compromised credentials, they can alert their users. It is a warning to stop using a particular password or reset it completely – it's got nothing to do with iCloud itself."

Watson said the alerts notify you that your credentials, including passwords, are out in the world – where they are bought and sold on the dark web. Your usernames, emails and passwords are at risk of enabling more subtle cyberattacks rather than the brute force hacking attacks with which people are familiar.

"If you get a notification and you use that password – or any variations of it – you should change it immediately. If the platform or software related to the compromised password allows two-factor authentication, you should enable that as an extra layer of security."

Watson said Kiwis tend to be lazy around passwords because they commonly use the same password, or variations of that password, across multiple sites.

"It's dangerous when you do that. I know it's a pain to have to come up with different passwords every five minutes and having to remember them, but there are password management tools that can help you with that for a relatively low annual subscription."

Advertisement - scroll to continue reading

The Chrome web browser has a password management tool that is fine for individual users, but it's not robust enough for a company.

"Chrome is connected to Gmail, and that's usually linked to the staff member's personal account. It's messy," Watson says.

Set password policies

Companies should specify how their software is accessed and not leave it to staff to figure out for themselves. Instead, set a policy that requires your team to use unique passwords for each application or platform.

Install a management tool

"Humans find it hard to remember passwords for a dozen websites," Watson said. "Instead, provide tools like password management software to make compliance with your policies easy. If you do not, compliance will be low. People will use the same password over and over with minor variations. That means your business is not secure."

Have an exit strategy

Watson said it is a common problem in New Zealand for departing staff to take their passwords and access credentials. These then remain in the system as dormant accounts and could be seen as low lying fruit for a disgruntled staff member.

"Make password protection a company level responsibility rather than leaving it to individuals. This makes it easy for staff to comply with security policies and enables easier exit of employees with less vulnerability later.

"Have an employee exit procedure, which includes prompt notification to the IT support team, especially if you have outsourced your security. Integrate your human resources and information technology processes."

Watson said most New Zealanders have likely had passwords compromised – both personal and work-related – but it's never too late to implement good password hygiene.

"Password management tools are low cost and easy. There's no excuse."

For more information visit: https://www.linkedin.com/in/daniel-watson-smb-cybersecurity-expert-07424b12/

 

ABOUT

Volunteer, adventurer and author of the book 'She'll Be Right (Not!) – a cybersecurity guide for Kiwi business owners – Daniel Watson is an SMB cybersecurity expert and managing director Vertech IT Services.

Having witnessed the hard work and assets of many SME businesses owners decimated by cybersecurity criminals, Daniel's mission is to protect the livelihoods and assets of business owners and their staff with guaranteed, but practical, cybersecurity services, education and information.

Vertech IT Services focuses on providing IT Support services to growing small to medium businesses in the Auckland area.

© Scoop Media

Advertisement - scroll to continue reading
 
 
 
Business Headlines | Sci-Tech Headlines

 
 
 
 
 
 
 
 
 
 
 
 
 

Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.