According to a study that surveyed 65 corporate and governmental organizations, in 2012 U.S businesses paid an average of $8.9 million for all the costs associated with cyberattacks. That’s up 6 percent from the previous year.
Cyberattacks cause problems for companies of all sizes. If your website is hacked it can lead to business disruption, data loss and theft, and damage to your company’s reputation. Weak points in your website can include out-of-date or insecure software, or malware. Use of a public computer or public Wi-Fi networ can be an open door to hacking as well.
A weak or insecure password that’s easily hacked is another entry point into your website. It doesn’t take any technical knowledge to create a strong password yet it is an invitation to cyberattacks that many businesses ignore.
What makes for a weak password?
Using a a simple group of numbers or a one-word password that’s easily found in a dictionary make for a weak password. Examples of weak passwords include this list from SplashData’s list of the 25 worst passwords of 2012. Here’s the list’s top ten:
Prevent your website from being hacked—make all your passwords strong
- Use a combination of letters, numbers, mixed case and special characters
- Don’t simply change a few characters of a company name
- Consider using a password-generator to come up with stronger passwords. If that feels unsafe, generate the password then change a couple of the characters.
- Longer passwords are more secure.
Managing website-related passwords
Your website most likely has more than one password associated with updating and maintenance. Make sure your passwords are strong for each of these items:
- Content management system
- Hosting account
- Domain registration
- Plug-ins used with your website
Develop a plan on how you will store your company’s passwords and who will manage them.
- Don’t store your passwords on any device in an unsecure file (a Microsoft Word document stored on your computer)
- Avoid using the same password for all website-related accounts
- Change your website passwords when website managers change
- Change your passwords if you have a high turnover of website managers or people responsible for updating the website
- If you have given out your website password to multiple people over the years (website mangers, webmasters, developers and any other people responsible for updating your website) then you should change your password at a determined interval or when there is a change in the team managing your company’s website.
- If your website is a critical tool for running your business, reduce risk by implementing a recovery plan in case of a disaster. The FEMA website gives guidance on protecting your business in a disaster.
Establish a protocol for making your organization’s website passwords strong, secure and well managed—it could save you hours of staff time, hundreds, if not thousands of dollars, and your company’s reputation.