How’s your password management? Think you’ve fooled the hackers by using something cryptic like ‘pa55w0rd’? Got all your passwords – including those to the company social media channels – stuck on a post-it note on your desk? Using the same one that you’ve used since you were 15 everywhere you need a password?
If this is you, you need to buck up your ideas – you don’t want to end up like the poor folks at the British Milk Council.
Now, unlike the British Milk Council – which is a parody account, friends – social media security is no joke. It’s critical you get it right.
With that in mind, we picked the brains of Natives Group’s resident security expert Lewis Cockle, who has come up with six top tips to save your ass.
Over to Lewis…
Use a password manager!
This is generally a good rule, but even more so when an organisation is sharing credentials for social media. A decent password manager tool shouldn’t set you back too much, and should enable you to see when and where sites are being accessed as well as giving you the ability to block access to every site in one go, should you need to.
Use a decent password
Every year there are hundreds of data leaks, sometimes from huge organisations (see Equifax, Uber, Yahoo). If you’ve used the same password for more than six months, you should assume it’s been compromised and change it! You should also endeavour to make your passwords relatively complex (this is made easier by using a password manager).
If you’re struggling with how to make a good password, check out this government-approved advice.
Don’t use the same password for more than one site
Yes, I know that might seem arduous, especially considering how many sites you will need a password to access. But there are ways you can get around this (see point 1 for the best way). This gives you the best kind of protection if one of your accounts is compromised because you have already mitigated much of the potential damage.
Use multi-factor authentication!
If possible, always try to use multi-factor authentication (sometimes called two-factor authentication, or 2FA). This means that whenever an account is accessed from a new device or location, it will require an additional code to gain access. This is often sent through a text, and there are some apps that provide codes for multiple services.
The UK’s National Cyber Security Centre creates and distributes pretty good material. If you manage access to websites and services for your team or company, you should check them out.
Shout out to the US National Institute of Standards & Technology (NIST), who produce world-leading cybersecurity guidance. It’s very much focused on businesses, rather than individuals, but is a darned good read.