This week, nationally, it is Stay Smart Online Week (9-13 October 2017). Protecting yourself and your business has never been more important so we asked REA Group’s head security coach Craig Templeton to join us for a series of videos about how you can protect your personal and business assets from cyber-criminals.
Five key ways that real estate agents can protect themselves and their business are:
- Create good passphrases for all online accounts and enable two-step verification (when available) for additional protection.
- Train staff to understand the importance of privacy and teach them how to spot suspicious emails.
- Make sure your website has a padlock symbol in your browser address bar and ‘https’ at the start of the website address.
- Keep your software up to date and back up your data to a separate location.
- Protect mobile devices with PINs and avoid conducting sensitive activities on public Wi-Fi hotspots.
Today’s video is about better protecting your data and information through better pass-phrases and keeping passwords safe.
In terms of cyber risk, that’s something that affects all businesses, whether you’re the biggest of the telcos, or the biggest bank in Australia, right down to the one man band. If you’re doing business online over the internet, effectively you’re exposed to the same type of threats. Probably the one thing that unites everybody together is that you’ve got a password for something.
You hear about horror stories all the time, about people being hoodwinked into providing their passwords. An email comes in and says … And it could be from a recognised brand or something that you’re not expecting. Then it starts asking me for all sorts of information like, “We see that your account needs updating.” That’s a common one. Just retype your password, just to make sure it’s okay. But it could be a fake website. Then of course, I put in my password, and then boom, all the sudden somebody has got access to that account for me.
Now where that starts becoming a problem is when you start sharing passwords across accounts. If you get access to one account, and then they have a go at another account, before you know it, they’ve got access to a whole lot of things. But there’s a very simple way that you can actually reduce the risk of actually having your password hacked, which is actually to enable a thing called two factor authentication. Some people call it two step authentication.
That’s where you might get an SMS message, or you might have a little app, or even a hardware token that has a little number on it. Not only do you enter in your password, but then you have to put in this other extra number as well. That is actually a very secure and strong way of logging into a website. More and more companies are starting to roll that out. More and more social media websites are starting that out as well, because they know how effective it is.
Everybody has got a different opinion about what a strong password is. Increasingly, research has shown that longer pass phrases are actually better for people to remember, as strong as complex passwords. But a lot of websites will enforce a complexity level on you as well, which actually makes it difficult to remember. Complexity is things like, not only letters and numbers, but symbols as well. My recommendation for passwords is to actually use what’s called a password manager.
That’s a piece of software where you can actually store all the passwords that you use, which is also secured by a password. It removed the burden for having to remember all those passwords. Some popular ones include a product called LastPass, another product called KeyPass, and another product called 1Password. Choose a reputable company. There’s plenty of reading on the internet about what’s good, and what’s not so good. Choose the one that is most applicable for your platform as well, and think about portability.