Weak Passwords – Cybersecurity

Too Easy, Too Weak: Password Patterns Still Concerning

Weak password security is one of the main contributing factors to the current wave of cybercrimes sweeping the world. Despite repeated warnings from industry experts to choose more complex passwords, many users still fail to follow this advice.

Recent research shows that internet users continue to opt for passwords that are easy to guess or crack, leaving the door wide open to cyberattacks. Let’s take a closer look at this phenomenon and find out what organisations can do to strengthen their security.

Why are we still using simple passwords?

For many years, cybersecurity experts have been sounding the alarm about simplistic passwords that are far too easy to guess. Passwords like “12345”, variations on the word “password”, or even the user’s own name are still frequently chosen, despite the widely publicised dangers of doing so.

In fact, 2023 saw South Africans choose the password “admin” most frequently of all.

While some experts blame users for being lax or unoriginal, there is a possible psychological explanation for the simple passwords we choose: we believe that if we came up with them, they must be unique and impossible to guess.

This human tendency to overestimate our own ability at certain tasks is known as the Dunning-Kruger effect, a well-documented psychological phenomenon.

This effect applies to everything from our perceived ability to drive at high speeds, our competence at work, and even our attractiveness or social skills. Password creation is yet another area where we often think we are better than we really are.

Best practices for password creation

Unfortunately, cybercriminals are much better at guessing or decoding our passwords than we are at creating them.

To avoid this and secure crucial business data, team members in every organisation should be trained to apply best practices for password creation, which include:

  • Using a password length of at least eight characters: Longer passwords are harder to guess and cannot be easily cracked by automated password-cracking software.
  • Including numerals and special characters: This adds complexity to passwords, making them far less likely to be compromised.
  • Avoiding personal information: Don’t choose words related to your daily life, such as hobbies, interests, or your workplace. Cybercriminals carrying out social engineering attacks may have already researched these aspects of your life and could use them to crack your password.

Password security and secure cloud storage – key aspects of every cyber defence strategy

A strong password adds an extra layer of security to your data, especially as cyberattacks and ransomware incidents become more frequent, costing businesses millions of rand each week.

In addition to strong passwords, secure cloud storage featuring encryption technology has become a non-negotiable element of every effective cybersecurity strategy.

To learn more about these technologies and how they can benefit your company’s online security, visit our product page today.

Common Password Mistakes | Password Security

Common Passwords & 6 Common Mistakes People Make

A secure password is the first line of defence against cybercrime, yet many of us still use passwords that the average 10-year-old could crack without blinking. If you’re still using classics like 123456 or admin, it’s time to change that password before you become the next victim of the data crime wave.

A recent survey has revealed South Africa’s top 20 favourite passwords, and most of them aren’t hard to guess – especially for cybercriminals. Let’s take a look at what internet users from Cape Town to Limpopo are opting to use, and what you should probably use instead.

Do you use a globally preferred password?

A report by online security company NordPass has revealed that SA’s most used passwords of 2023 follow a worrying global trend, and most of them will be familiar to anyone who has worked in an office, especially in the IT department. Here are some of the trusty strings of numbers and letters that people turn to when securing their valuable data.

  1. admin
  2. 123456
  3. 336699
  4. password
  5. weiter

While “admin” is the most common password used in South Africa and second most used globally, there were a couple of passwords in the lineup unique to SA. These included “Mandela1964”, “sexy1234” and “october@24”.

Taking a look at this year’s list, it’s clear that local netizens have a long way to go in improving their password game. Most of the country’s favourite passwords can be cracked in less than two seconds, making them close to worthless as a cybersecurity defence in real terms.

As a security-conscious net user, you’ll definitely want to do better than “password” – and we’d love someone to explain what “weiter” even means!

Here are 6 of the most common password mistakes and the best practices that you can adopt to secure your data with a strong password.

Six password mistakes to avoid

  • Changing a single letter and thinking it’s enough. Single letter substitutions like “p@ssword” aren’t effective barriers against cybercrime – in fact they can be cracked in seconds.
  • Not using a password generator. A unique, randomly generated password is far more difficult to crack than a common one that’s used by millions of people.
  • Sharing your password. There’s almost no situation which should call for you to reveal your password to anyone – and if you do, they’ll need to take special steps to keep it secret.
  • Not changing your password regularly. You’ll want to update your password every few months – and if one of your devices has been stolen or compromised you should do it right away.
  • Keeping default passwords. Devices that are protected with the password “admin” are all too common, and the only people who approve of them are hackers.
  • Not having an integrated cybersecurity strategy. A strong password should be matched with a firewall and secure cloud storage to maximise your data protection level.

Soteria’s range of encrypted backup solutions has the right package for businesses and households of all sizes. Browse our packages today and sign up for the solution that suits your needs.

Sharing Public Links | Data Security

Data Security: How Safe is it to Share a Public Link?

Link sharing is so common that we don’t even think about what we are doing when we copy and paste a link. But thinking twice before sharing public links to an interesting article could help protect you from cybercriminals.

Here’s why link sharing has become so risky and what you can do to stay safe – while staying social – online.

Think before you link

There’s no doubt that hyperlinks are one of the major inventions that made the rapid progress of the internet possible. After all, they give us a simple way to link pages within a single site or refer to other URLs.

Without links, websites simply wouldn’t function, and Google would lose one of the major criteria it uses to rank websites on the search results page. But for all the great functionality that links offer, they also present their share of risks.

In general, there are three main online security threats that could occur every time you share a link.

  1. Privacy concerns. Linking to a Google Drive or Dropbox folder containing sensitive information could result in major data losses if it falls into the wrong hands.
  2. No user trail. A public link can be accessed by anyone and even with the best analytics you won’t know who actually clicked on it – and potentially viewed sensitive information or downloaded it.
  3. No passwords required. A normal hyperlink doesn’t require a password to access it, leaving sensitive information potentially exposed.

In addition, a major issue can arise if there’s a typo in your link, which creates a brand new link that previously didn’t exist. This new domain could be noticed by cybercriminals, registered, and populated with malware or other damaging software.

If a social media post containing the erroneous link happens to go viral, millions of internet users could be affected.

How to share data safely online

To avoid the data privacy pitfalls that come with link sharing, you’ll want to opt for alternative ways of sharing information.

Encrypted email, private groups on Slack and WhatsApp, and private networks are some alternatives that will let you share information without exposing your business to significant online risks.

Keep your data safe with secure cloud storage

Being conscious of online security threats is one part of an overall strategy that can help you to secure your data.

Secure cloud storage will let you build a fortress around your valuable files and ensure that they don’t end up in the wrong hands. To protect your data today, choose from our range of packages for business and personal users.

LastPass Password Breach | Data breach

LastPass admits to August security breach of customer data

A weak password can seriously compromise your online security, but what happens when the online service that’s supposed to keep all your passwords safe in one place becomes the latest victim of cybercrime?

LastPass, an innovative tech business that prides itself on giving users peace of mind by taking care of all their passwords and letting them remember just one, found itself in a majorly embarrassing situation when its own cybersecurity was compromised last August.

If you’re a LastPass user or a web user in general, you’re probably worried about this development and how it impacts the safety of your private information. Let’s take a look at the LastPass data breach incident in more detail and find out what your next step should be.

Cybercriminals turn a LastPass into “lost pass”

There’s an app for everything nowadays, including keeping your password safe – or so we thought.

LastPass attracted millions of users by taking away the burden of remembering dozens of passwords and updating them every time you change them. The company’s unique selling point was its convenience and security: after all, asking users to trust you with the key to their most important online information is no small thing.

Last August, the unthinkable happened when LastPass found itself compromised in exactly the same way that its users were trying to avoid by using the popular online service.

According to a statement released by the company, an online security breach occurred and the following information seems to have been compromised:

  • basic customer account information
  • company names
  • end-user names
  • billing addresses
  • email addresses
  • telephone numbers
  • IP addresses

While the company insists that attackers will find it difficult to guess the passwords they were tasked with keeping safe, we would advise anyone using the service to change their passwords right away.

Secure passwords and secure backup: a powerful combo to keep hackers away

The LastPass breach is the latest in a long string of cyber security failures at large companies and tech providers. There’s a valuable lesson in this incident for all internet users.

No matter what convenient services you use, it’s essential to have an independent copy of your data backed up in the cloud with advanced encryption technology to keep it safe from cyber criminals.

Soteria Cloud’s range of backup solutions for households and businesses of all sizes is a powerful form of protection for your vulnerable personal and commercial data. We’d love you to visit our product page and select a package that suits your needs the best.

Website security | Cybersecurity

So you’re building a website? Here’s how to keep it safe

A website is a fundamental marketing tool for any new business and for companies looking to expand their client base. But, setting up an e-commerce website for your business needs to be done in a way that maximises your online security.

Your website is electronically linked to both you and your business in terms of privacy, geolocation, and financial details. This means that any gaps in your website security could expose your confidential private information to cybercriminals.

With an average of 30 000 websites being hacked per day, now is definitely not the time for complacency when it comes to the safety of your digital online assets.

Let’s take a look at some of the risks involved in setting up a business website from an online security point of view and how you can mitigate them while creating a unique piece of online real estate.

pay for WordPress themes – it’s cheaper than a data breach 

Pirated WordPress themes that contain malware and other coding which allows easy access to your website and business data are a cybercriminal’s fastest route in. You can close it by opting for paid themes from legitimate developers.

  • Using cheap themes may seem like a good idea when it comes to cost savings, but considering the massive security gap that they open up for your website, it’s just not worth it.
  • Choosing safe WordPress themes with built in security or ordering custom themes from a developer with experience in dealing with cybersecurity is an investment in both the professional appearance of your website and its security.

maintain strong passwords for solid website security

Filtering your users’ passwords for strength and insisting on combinations that are hard to crack can save your site from a major data breach.

To learn more, check out this article on our blog that has 5 easy tips to ensure password strength.

run your new website with secure cloud storage for seamless data management

Once your business website is up and running you’ll need to deal safely with the stream of data between your site and the internet on a daily basis.

Opting for one of our secure cloud storage packages for businesses will give you peace of mind while your data remains safe and encrypted in the cloud.

To learn more about secure cloud storage and how it could benefit your business, contact us today.

Weak Passwords Weaken Your Security | Password Security

Why weak passwords weaken your security – stop the blame game

When NordPass released its annual list of common passwords for 2021, that old staple of the lazy password maker, 123456, made it to the top of the list once again. If you’re shaking your head in disbelief or chuckling as you read this, take it from us: weak passwords are all too common, and they leave the door wide open to cybercriminals.

Let’s take a look at how weak passwords can weaken your security and how you can fix yours today.

weak passwords: who’s to blame?

Let’s be honest – we’ve all used easy to guess passwords before and who could blame us? They’re easy to remember!

Unfortunately, the entire cybersecurity community is blaming us. That’s because lazy passwords are also easy to crack – and when a data breach happens, who’s to blame?

Instead of making fun of average Joes like us and the passwords we choose, a better strategy for website owners is to understand the importance of a strong password and how to help users develop one.

Users will naturally choose simple or funny passwords for the sake of convenience or to save time. As a site owner, you’ll need a system that filters out weak passwords and encourages users to make theirs longer – and not necessarily more complex.

But what does a good password look like in 2022 anyway?

what makes an ironclad password?

Whenever a user creates an online account, they’ll go through a process of password creation – and somehow, the password they choose is never good enough.

We’ve all been there: either the password is too long or too short or doesn’t contain enough uppercase characters, symbols and other special characters…

A good site makes this process easy and even humorous, but the site owner takes on the responsibility of blocking the user from proceeding until a safe password has been chosen.

Truth be told, all this hassle is for a good reason. The more unusual your password is, the more difficult it is for hackers to crack it. At least that’s what we used to think.

  • Cybercriminals use a technique called brute force cracking to discover passwords.
  • This basically involves trying random numbers and letters together in sequence like the wheels of a slot machine until the password is cracked. The process takes time – and the longer your password is, the more difficult it is to crack.

A short password that contains special characters isn’t necessarily going to be more effective against cybercrime in 2022.

Instead, it’s a good idea to lengthen your password as much as possible and always use the maximum number of characters allowed by the app or website you’re using.
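A sign-up filter of the kind described above, which also catches the single-character substitutions like “p@ssword” mentioned earlier on this page, could look like the following. This is an added example, not code from Soteria or NordPass; the deny-list is constructed from the passwords quoted on this page, and the substitution table and function names are assumptions.

```python
import re

# Constructed deny-list: the common passwords quoted on this page. A real
# deployment would load a much larger list of breached passwords.
COMMON_PASSWORDS = {"admin", "123456", "336699", "password", "weiter"}

# Minimum length taken from the page's "at least eight characters" advice.
MIN_LENGTH = 8

# Substitutions undone before the deny-list lookup (assumed, not exhaustive).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})


def strip_suffix(text):
    """Drop trailing digits and symbols, e.g. 'password1!' -> 'password'."""
    return re.sub(r"[^a-z]+$", "", text)


def candidate_forms(password):
    """Return the spellings of `password` to compare against the deny-list."""
    lowered = password.lower()
    stripped = strip_suffix(lowered)
    return {lowered, stripped,
            lowered.translate(LEET), stripped.translate(LEET)}


def screen_password(password, context=()):
    """Return a list of rejection reasons; an empty list means accepted.

    `context` holds words tied to the user or site (username, company
    name) that must not appear inside the password.
    """
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if password.isdigit():
        reasons.append("digits only")
    if candidate_forms(password) & COMMON_PASSWORDS:
        reasons.append("variant of a common password")
    lowered = password.lower()
    if any(len(word) >= 3 and word.lower() in lowered for word in context):
        reasons.append("contains personal or site information")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["admin", "p@ssw0rD", "336699", "Password1!",
               "maroon kettle railway"]:
        print(f"{pw!r}: {screen_password(pw) or 'accepted'}")
```

Note that “p@ssw0rD” meets the eight-character minimum and mixes case, digits and symbols, yet is rejected because it reduces to a deny-listed word.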

keep the good stuff to yourself

You’d be surprised how many data breaches, hacking attempts, and cases of fraud have taken place simply because someone wasn’t careful enough about hiding their password.

  • It’s essential that you never share your password with anyone or write it down and leave it somewhere – like on your desk where people with prying eyes can see it.
  • By taking a few simple measures, you can keep your password safe and effective and protect yourself from the rising threat of malware, ransomware and cyber crime in general.

take your data security to the next level with secure cloud storage

The safety of your data is one of the most important aspects of your company’s overall digital safety plan this year.

Our range of secure cloud storage solutions will help keep your valuable information safe in the cloud.

Best Password Advice | Passwords

Passwords – Then and Now

In the ‘good’ old days before the internet became our backyard, ‘passwords’ applied to secret dens at the bottom of the garden. Password advice was only given out to those granted secret access to these dens as part of the gang.

Of course, not all passwords in those days related to childhood games, but the point remains, they were not a massive part of everyday life. You certainly didn’t need them to make a phone call because phones then were used for calling people. Computers were around, but cybersecurity was still relatively unknown and password advice a thing of the future.

fast forward to the use of passwords today

Today, you need a password to log onto your phone, passwords for every app and more passwords to make changes on the said apps. The simple task of accessing your bank account or paying your electricity bill can also require multiple passwords.

Popular advice states, ‘don’t write a password down.’ However, when you consider the veritable bible of passwords required to access your various online accounts and data, the thought of storing them all in your head can be rather daunting and near impossible.

Which brings us to our next point, the cardinal sin of using the same password for multiple accounts. Hackers love this attitude, guess one, and you guess them all. This being the case, it makes sense to create random passwords with words that are not easy to crack, differ for each account or log-in, and are easy to recall but near impossible for a would-be hacker to guess.

Sound like the unicorn of passwords? Well, using three random little words is actually easier than you think!

why three random words?

Memorising complex combinations of letters and words isn’t one of our strong points as humans. Instead, our memory recall relies on predictable patterns and numberings to file them away safely in our brains for future use. If the combination is too complex, we forget and so resort to the ease of using the same password repeatedly.

The concept of using three random words as a password is simple. Pick a phrase or combination of three words and use this as your password rather than using a single word followed by a predictable exclamation mark or hashtag sign. This approach keeps hackers guessing and makes you less vulnerable to pesky cyber criminals.

why random words make sense

  • Longer passwords make it near impossible for hackers to bypass your security.
  • The words contain information essential only to you and are relevant to the site or app.
  • Multiple words increase the range of possible passwords for hackers to consider.
  • They are easier to enter than complex passwords with numbers and special characters.

If you are required to include numbers and symbols in the password, add them at the beginning and end of your random words. For example, you could use 3GreenHealthyApples#! as your password for a health app.
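The three-word approach only holds up if the words are picked at random rather than by the user. The added example below (not from the original article) draws words with Python's `secrets` module, places a digit and symbol at the beginning and end as suggested above, and compares the guessing space of one word against three. The word list is a constructed 32-word sample, and the 7776-word figure is the size of a Diceware-style list, used here as an assumption about what a real list would hold.

```python
import math
import secrets

# Constructed 32-word sample list so the example is self-contained.
# A real generator needs thousands of words.
WORDS = ("apple anchor basket candle copper desert engine falcon garden "
         "harbor island jacket kettle ladder marble meadow needle orange "
         "pencil quartz rabbit saddle timber tunnel umbrella valley walnut "
         "window yellow zebra bridge cactus").split()

SYMBOLS = "#!@%"


def make_passphrase(words=WORDS, count=3, prefix_digit=False,
                    suffix_symbol=False):
    """Join `count` randomly drawn, capitalised words into one passphrase.

    secrets.choice uses the operating system's CSPRNG, unlike the
    `random` module, so the picks are not predictable.
    """
    phrase = "".join(secrets.choice(words).capitalize() for _ in range(count))
    if prefix_digit:
        phrase = str(secrets.randbelow(10)) + phrase
    if suffix_symbol:
        phrase += secrets.choice(SYMBOLS)
    return phrase


def passphrase_bits(list_size, count=3):
    """Bits of entropy for `count` words drawn uniformly from the list."""
    return count * math.log2(list_size)


if __name__ == "__main__":
    print(make_passphrase(prefix_digit=True, suffix_symbol=True))
    for size in (len(WORDS), 7776):
        print(f"{size:>5}-word list: one word = {passphrase_bits(size, 1):.1f} "
              f"bits, three words = {passphrase_bits(size, 3):.1f} bits")
```

Each extra bit doubles the number of guesses an attacker needs, so the list size matters as much as the word count.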

our parting words on the best password advice

Keeping up with the best password advice is essential if you don’t want to fall victim to opportunistic criminals. Use the tips and advice above to ensure that you’re always one step ahead and that your data and devices are always safe. Oh, and find a password manager that works for you, not the hackers…

Got some password tips and advice of your own to share? Let us know in the comments and let’s share our tips!

Identifying and Detecting Fraud, Step by Step

It is an undeniable fact that when it comes to detecting, preventing and investigating fraud and other security incidents, data and evidence are vitally important if accuracy is to be ensured. Something that cannot be denied is that a thorough investigation is required when fraud is suspected.

This seems an obvious statement, doesn’t it? But when you consider just how little South African (and international) companies are doing to spruce up their security measures or put systems in place to prevent and reduce fraud, it would seem that they don’t appear to be considering these vitally important aspects.

identifying and detecting fraud every step of the way

By looking at how a user signs up for an account on an e-commerce site or with a bank, we can show how fraud can be identified and detected step by step by taking data and evidence into consideration.

step 1: the creation of an account

This is the first step that a user takes and sadly, it is often overlooked during fraud detection processes. It’s undeniably challenging for e-commerce businesses and financial services to immediately determine what a legitimate and fraudulent account creation looks like. By looking at the user data, behavioural data, and environmental data of a user across various online applications over time, fraud analysts can understand the intent of a new sign-up and potentially stop it in its tracks.

step 2: user logins

How a user logs in, what time of day they log in, how often they log in and what devices they use to log in can provide a lot of meta-data. By analysing these parameters, it is easier to tell if someone is a legitimate user or a fraudulent user. For instance, an account that has several “wrong password” attempted logins before eventually getting the correct one should raise a red flag.

step 3: how data is requested

When a user signs up for an account, their typical behaviour can be closely monitored. If it isn’t, fraud analysts could miss out on important detection opportunities. For instance, a user is likely to behave in a similar manner every time they use their account. If they start requesting data that they don’t usually, or a change in their account behaviour is noticed, it should be further investigated.

step 4: sudden addition of a new account

A big red flag is the addition of a new account for money transferals which should be investigated more closely. Fraudsters often add a new account to transfer funds out of the main account that they have hacked or hijacked. Watching for this is an important part of the step by step process to identifying and detecting fraud.

step 5: the environment used for logging on

The environment where a user accesses his or her account from is something that should be monitored. When it comes to fraud, if a user accesses his/her account from many different environments, it could be a sign of foul play. Also, if more than one user is accessing a certain service from the same environment, it could be a further sign that something isn’t quite right. Fraud analysts can gain a lot of insight by monitoring this.
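The login and environment checks from steps 2 and 5 can be expressed as simple rules over authentication logs. The sketch below is an added example, not part of the original article; the log format, field names, thresholds and sample lines are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample log lines (not real data): time, user, environment, result.
SAMPLE_LOG = """\
2021-01-12T08:01:10 user=thandi env=laptop-01 result=ok
2021-01-12T09:14:02 user=sipho env=phone-77 result=fail
2021-01-12T09:14:09 user=sipho env=phone-77 result=fail
2021-01-12T09:14:15 user=sipho env=phone-77 result=fail
2021-01-12T09:14:31 user=sipho env=phone-77 result=ok
2021-01-12T10:02:44 user=lerato env=kiosk-09 result=fail
2021-01-12T10:03:01 user=lerato env=kiosk-09 result=ok
2021-01-12T11:20:00 user=thandi env=kiosk-09 result=ok
2021-01-12T12:05:00 user=thandi env=tablet-33 result=ok
2021-01-12T13:40:00 user=thandi env=desktop-52 result=ok
"""


def parse_events(log_text):
    """Turn 'timestamp key=value ...' lines into dicts, sorted by time."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        timestamp, *pairs = line.split()
        event = dict(pair.split("=", 1) for pair in pairs)
        event["time"] = timestamp
        events.append(event)
    return sorted(events, key=lambda e: e["time"])


def failures_before_success(events, threshold=3):
    """Step 2: users whose success directly follows >= threshold failures."""
    streak = defaultdict(int)
    flagged = set()
    for event in events:
        user = event["user"]
        if event["result"] == "fail":
            streak[user] += 1
        else:
            if streak[user] >= threshold:
                flagged.add(user)
            streak[user] = 0  # a success ends the run of failures
    return flagged


def many_environments(events, limit=3):
    """Step 5: users who logged in from more than `limit` environments."""
    envs = defaultdict(set)
    for event in events:
        if event["result"] == "ok":
            envs[event["user"]].add(event["env"])
    return {user for user, seen in envs.items() if len(seen) > limit}


def shared_environments(events, min_users=2):
    """Step 5: environments used by at least `min_users` different accounts."""
    users = defaultdict(set)
    for event in events:
        users[event["env"]].add(event["user"])
    return {env for env, seen in users.items() if len(seen) >= min_users}


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    print("failures then success:", failures_before_success(evts))
    print("many environments:   ", many_environments(evts))
    print("shared environments: ", shared_environments(evts))
```

Each rule produces leads for an analyst rather than verdicts: a shared kiosk or a forgetful user will trip them too, so the thresholds need tuning against normal traffic.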

be alert & aware of potential fraud this year

With 2021 already a couple of weeks old, and corruption and fraud top of mind, many companies are spending time improving on their security systems. If you are thinking about upgrading your data security, take some time to consider how you can identify, detect and thwart fraud before it happens, by taking a closer look at the above-mentioned parameters within your business environment.

A secure online backup service for offsite protection of your data is a good place to start!

FNB Goes Digitally Virtual with Credit Card

If you are interested in convenience, especially when it comes to finances, October is the month to look forward to. Apparently, that’s when FNB plans to launch its new (and much-awaited) virtual digital credit card. Sounds like quite a mouthful! In reality, the new credit card is designed to offer exceptional convenience, coupled with the type of security features considered ‘state of the art’ in South Africa.

FNB virtual credit card promises

For starters, the FNB card will be a contactless digital experience, rather than a physical card. It will exist on a user’s mobile device and can be used to carry out a variety of payments where Tap ‘n Go, Scan to Pay, and QR code payments are allowed.

Using either an Android smart device or Apple device where the merchant accepts QR code payments, you can go grocery shopping, pay your accounts, take the family out for lunch and even set it up to pay for your services such as Netflix, Spotify and iTunes.

So what, you might say – a virtual credit card is really nothing new! In fact, people have been able to get digital credit cards and use them online for quite some time now, so what’s new?

The difference is that the new virtual credit card can be used anywhere, not just online! What’s more is that the card expiry date will be extended, enabling you to use the card for a longer period without worrying about an expiry date.

Impressive Security Features

The card offers the type of security that South African consumers have been all but begging for. At Soteria Cloud, one of the functions we are most impressed with is the encryption functionality and the dynamic CVV (Card Verification Value) number which changes every hour, to minimise the risk of fraud. We consistently remind you to change your passwords…now you have a credit card that’s smart enough to change its own security numbers, for your protection. That’s impressive!

Another impressive safety feature of this virtual card is that it can be blocked or cancelled with a simple click of a button from within the app.

The product will be available to customers using debit, fusion, credit, and business cards with FNB. If you’re looking for a more secure way to save and spend your money, it looks like FNB is coming up with just the solution!

If you’re looking for ways to better protect your data and money, get in touch with us at Soteria where we offer maximum offsite protection for all your data storage needs. Contact our support team at any time.

Poor Password Behaviour & Choices Continue to Thwart Security

Be honest… how many passwords do you have? The reality is that most people have one password that they use on every device, as well as for all of their online accounts. This isn’t just a risk for your personal information…it’s also causing a massive headache for IT security professionals.

For years we have heard tech professionals offering password tips, advising on ‘safe and secure’ passwords. “Have a different password for separate accounts”, “change your password regularly”, “don’t use personal information in a password that someone could guess” – these are some of the things that have been said time and again. Yet it seems people just don’t listen, as data breaches and theft, due to poor passwords, are at an all-time high.

What’s the Real Problem Behind Poor Passwords?

Simply put, people are bad and lazy when it comes to setting passwords. We choose the quickest and ‘easiest’ way out when asked to create a password. Instead of choosing something secure, we choose something that we can remember. And in most instances that’s a birthday, pet’s name, maiden surname – you know how it goes.

As technology became a bit smarter and began to prompt us to use passwords that are more challenging to guess by combining capital letters, numbers and special characters, many of us still opted for the easiest route. This is why you see passwords cropping up, such as “p@ssw0rD” – which essentially, isn’t very secure at all.

The path of least resistance

It would also seem that many of us have become blasé about password security. When told that our accounts have been hacked and that the data has been breached, the accepted and recommended solution is to change our passwords. Some do this, a large portion of us don’t. And even those that do change their passwords, only attend to the particular account that has been hacked, overlooking the fact that the same password has been used across multiple devices for multiple accounts.

Another problem area for bad passwords is routers. Most routers come with a pre-loaded default password attached for easy setup and installation. As a gateway to the internet, a router needs to be secure, yet the default passwords are often easy to guess and need to be changed. So many people never change the default password leaving themselves open to being locked out by hackers – similar to a lock on your house. If you sell your home and the new owners don’t change the locks – your keys will always have access, which means you could lock the new owners out!

Go Ahead – Change Your Password!

Are you a poor password offender putting your data and personal information at risk? Security experts suggest planning a schedule for password changes, making it a routine for the long term that includes a new password for your router and ALL of your accounts.