Midlands IT experts today warned simple measures could prevent devastating consequences for businesses not keeping up to date with advances in security.
The warning comes after the online note-taking service Evernote was hacked at the beginning of this month – resulting in 50 million passwords being compromised.
Suspicious activity was first noticed on February 28th and on March 2 Evernote posted an advisory informing its near 50 million users that it has suffered a serious security breach that saw hackers steal usernames, associated email addresses and encrypted passwords.
The company advised users that following a reset, “creating strong, new passwords will help ensure that user accounts remain secure.”
But Chris Pallett, of the UK IT Association and owner of Bespoke Computing in Telford, Shropshire, said a move away from the traditional password altogether would be a better security measure.He said: “The scale of the Evernote hack is significant. Somebody now has a list of fifty million usernames and email addresses that can be put to work for other malicious activity.
“This hack is just another of several high profile security breaches in recent weeks and it highlights a widening gap between the trust being placed in Cloud based services by its users and how seriously security is being taken by the companies offering these services.
“Both small businesses and individuals are worryingly relaxed about the security of the data they store online. It is only time before hackers penetrate a system or service and acquire data with devastating consequences.
“It is too easy to download an app and share personal information with little regard for what happens afterwards. Better education on information security and how to secure the data being stored on Cloud based services is required.”
Mr Pallett says complex passwords are easy to crack but more difficult for hackers is entry through a pass-phrase – a sentence, that can also contain special characters – that is not only lengthy but much easier for the user to remember.
“The basic notion is that developments in computing power make it simple to crack a complex password,” he added.
“The industry is also looking at other solutions including voice recognition, key stroke analysis and fingerprint identification. But these will come in over time – for now business owners need to make sure their systems are as secure as they can be.”
For more information about pass-phrases and their uses visit www.bespokecomputing.com or contact advisors on 0845 004 3025.