Did you know the average internet user has 25 accounts to maintain? Despite this, people only use an average of 6.5 different passwords to protect them.
With identity theft and data breaches an ever-growing problem, it's important to not only have a different strong password for each account, but to make those passwords easy to remember and hard to guess.
Implementing security measures starts with anticipating security threats. There are four main ways that attackers attempt to obtain passwords:
An attacker can capture a password through password storage, password transmission or user knowledge and behaviour. Operating system (OS) and application passwords are stored on network hosts (a computer connected to a network) and used for identification. If the stored passwords aren't properly secured, attackers with physical access to a network host may be able to gain access to the passwords.
Never store passwords without additional controls to protect them. Security controls include:
Hashes are the end result of putting data, like passwords, through an algorithm that changes the form of the original information into something different. For example, the password ‘default’ could be mapped as an integer such as 15. Only the network host knows that 15 stands for the password ‘default’.
Using hashes allows computers to authenticate a user’s password without storing the actual password.
Even when passwords are protected with hashes, an attacker can still uncover them via transmission. When a user enters a password into a computer, the password or hash is often transmitted between hosts over the network to authenticate that user. This transmission action is vulnerable to attack. You can reduce this risk by encrypting your passwords or the transmissions containing the passwords.
You can also avoid transmission risks by storing passwords on paper. Such papers should be physically secured in a locked safe or file cabinet. Be sure to properly discard any password-containing papers by shredding them.
However, storing passwords on paper cannot protect against means of capturing passwords that rely on user behaviour such as malware. For example, Trojan horses and keylogger malware observe user activity, such as which keys a user presses, to discover his or her username and passwords. Mitigate these threats by regularly scanning your computers with antimalware and antivirus software.
Users can also endanger password security by responding to phishing attempts, which redirect a user to a malicious website posing as a legitimate one that asks for sensitive information such as usernames and passwords. Caution against downloading files from unknown sources.
Attackers attempt to discover weak passwords through guessing, and recover passwords from password hashes through cracking.
Guessing is simple: An attacker attempts to uncover a password by repeatedly guessing default passwords, dictionary words and other possible passwords. Anyone who has access to the authentication interface can try to guess a password.
That's why strong passwords are necessary for cyber security. Never pick a password that someone could easily guess, and make sure to reasonably limit the number of authentication attempts to prevent unlimited guessing.
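One way to limit authentication attempts, shown as an added example that is not part of the original article: a sliding-window counter of failed logins per account. The class name, the thresholds and the attempt_login helper are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class AttemptLimiter:
    """Sliding-window limit on failed logins per account (hypothetical helper)."""

    def __init__(self, max_failures=5, window_seconds=900, clock=time.monotonic):
        self.max_failures = max_failures   # assumed threshold
        self.window = window_seconds       # assumed window: 15 minutes
        self.clock = clock                 # injectable so the logic can be tested
        self._failures = defaultdict(deque)  # account -> failure timestamps

    def _prune(self, account):
        # Drop failures that have aged out of the window.
        q = self._failures[account]
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:
            q.popleft()
        return q

    def allowed(self, account):
        return len(self._prune(account)) < self.max_failures

    def record_failure(self, account):
        self._prune(account).append(self.clock())

    def record_success(self, account):
        self._failures.pop(account, None)


def attempt_login(limiter, account, password_ok):
    """Return 'locked', 'ok' or 'denied'.

    The lock check runs before the password result is looked at, so a
    guess submitted while the account is locked is never evaluated.
    """
    if not limiter.allowed(account):
        return "locked"
    if password_ok:
        limiter.record_success(account)
        return "ok"
    limiter.record_failure(account)
    return "denied"
```

Counting failures per account alone lets repeated bad guesses lock out the real user, so deployments usually also throttle per source address.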
Cracking is a little more complicated. Attackers gain access to password hashes and attempt to discover a character string that will produce the same hash as the password. If the hash algorithm is weak, cracking is much easier.
Hash functions should be one-way, meaning passwords only go from original to hashed form, not vice versa. A one-way hash function makes it nearly impossible to derive the original text from the hash. As with guessing, cracking can also be prevented by choosing strong passwords and periodically changing them.
When users forget their passwords, they have two options: reset the password (change it to a new one) or recover the password (get access to the current one). If your identity is not properly verified in a reset or recovery request, an attacker could easily pose as you, gain unauthorised access to the system, application or data and provide a password that only they know.
This replaces your original password with something unknown, barring you from the system.
All attempts to reset or recover a password should start with a rigorous verification process. Verification should not hinge on information that can be easily obtained, such as birth date, employee number or mother’s maiden name. Instead, consider personal or subjective information that only the user knows.
When an attacker compromises a password through any of the previously mentioned methods, that attacker will have unauthorized access until you change your password. For this reason, many organizations use automatic password expiration measures to ensure no password remains valid forever.
Yet password expiration is futile if the root cause of a compromised password is not fixed. For example, if an attacker uses cracking to obtain a password, automatic password expiration will not solve the security problem because the attacker can simply use the same process again. If you use automatic password expiration, make sure you have a plan in place to secure your system and reset passwords in the event of a security breach. When one password is compromised, reset all passwords just to be safe.
Scrivens has the following strong password rules you can set in place to help protect your identity and keep your data safe:
Many apps and websites are beginning to take the security of their users seriously and provide added protection. Always take advantage of these added features, including multi-factor authentication, biometric security (i.e., fingerprint), code generators, etc.
To protect yourself even further, consider personal cyber insurance. In Ontario, it's often added to your home insurance or condo insurance as an endorsement.
Speak with your Ontario insurance broker today to see if personal cyber insurance is an option for you.
Despite the amount of awareness and data to back up the risk of using "easy" passwords, they are still being used in 2021. Check the list below to see if any of your passwords are one of the most common passwords:
On-going password management will help prevent unauthorized attackers from compromising your password-protected information. Effective password management protects the integrity, availability and confidentiality of your passwords.
Integrity and availability should be ensured by typical data security controls, such as using access control lists to prevent attackers from overwriting passwords and having secured backups of password files. Confidentiality, on the other hand, is much harder to ensure—it involves implementing diverse security measures and making decisions about the nature of passwords themselves.
For example, you should use long, complex passwords with a mixture of numbers and letters. However, complex passwords are harder to remember, which means you're more likely to write them down and subsequently endanger your system’s security. This presents a dilemma in which one security measure (choosing a long, complex password) conflicts with another (never writing down your password).
You can help resolve conflicting security measures by implementing the following security recommendations:
Managing your password security risk can be a difficult process—threats are unrelenting. Contact the insurance professionals at Scrivens for more information on mitigating your cyber risks and protecting your assets.
As cyber attacks become more and more common, protecting your data is increasingly difficult. In fact, a study from Juniper Research found that by 2023, cyber criminals are expected to steal an estimated 33 billion records.
In light of the growing number of cyber attacks, many people are turning to two-factor authentication (also commonly called 2FA or multifactor authentication) to enhance their cyber security.
While no cyber security method is foolproof, using two-factor authentication can add an extra layer of security to your online accounts. So how exactly does two-factor authentication work?
While complex passwords can help deter cyber criminals, they can still be cracked. To further prevent cyber criminals from gaining access to your accounts, two-factor authentication is key.
Two-factor authentication adds a layer of security that allows you to protect against compromised credentials. Through this method, you must confirm your identity by providing extra information (e.g., a phone number or unique security code) when attempting to access applications, networks and servers.
With two-factor authentication, it’s not enough to just have your username and password. In order to log in to an online account, you’ll need another “factor” to verify your identity. This additional login hurdle means that would-be cyber criminals won’t easily unlock an account, even if they have the password in hand.
A more secure way to complete two-factor authentication is to use a time-based one-time password (TOTP). A TOTP is a temporary passcode generated by an algorithm, meaning it'll expire if you don't use it within a certain period of time. With this method, users download an authenticator app, such as those available through Google or Microsoft, onto a trusted device. Those apps will then generate a TOTP, which users will manually enter to complete login.
In its password guidance for secure digital services, the federal government recommends using two-factor or multi-factor authentication whenever possible to prevent cyber attacks. Ongoing password management can help prevent unauthorized attackers from compromising your password-protected information.
Effective password management protects the integrity, availability and confidentiality of your passwords.
Above all, you’ll want to create a password policy that specifies all of the requirements related to password management. This means you should change your password on a regular basis, avoid using the same password for multiple accounts and use special characters in your password.