2 things to do now to keep employee usernames and passwords safe

  • Attacks from hackers are on the rise, putting company websites and databases at risk.

  • Proven security practices and technology can protect employee passwords and company data.

Big new hacks seem to be coming out every day, and nobody is safe. From major retailers to major banks, these hacks have stolen literally billions of login credentials from people around the world.

You don’t have to be a retail giant to be targeted by hackers. Any site, no matter how large or small, might now be a place where hackers can target data. If hackers can break into the servers of the big guys, then you know your security can also be compromised. Businesses of all sizes need to prepare their websites as soon as possible to deal with new web security realities.

Thankfully, recent hacks still seem to rely on the same old tricks, and there are two big things your company can learn and immediately put into practice to stay safe:

1. SQL Injection is still a major threat

When Russian hackers stole billions of accounts earlier this year, they did it in a way that’s been around for more than 15 years, with a technique known as SQL Injection.

If your business has a database, chances are good that it’s based on some form of SQL—it’s the worldwide standard powering databases for companies big and small. Through various means, hackers can insert malicious code into your database, causing it to execute whatever code they want, including giving the entire contents of the database to the hacker.

While SQL Injection attacks are best known for taking down websites, they can work on any kind of SQL database, even your internal ones that the public shouldn’t have access to!

While companies with large and talented IT staff can safely and thoroughly prepare for these kinds of attacks, hackers are raising the bar for what “prepared” means day by day, and it’s increasingly hard for anyone to keep up. Companies are finding that they can get the best protection and the best prices by moving their in-house servers to cloud-based server solutions that are quick to set up and are extremely secure.

2. Employees still need training on best security practices

One interesting statistic from the recent theft of more than a billion accounts indicates that while only 500 million email addresses were stolen, more than 1.2 billion username/password combinations were found in the database!

This is a huge problem, because it points to widespread password re-use where people and employees are using the exact same e-mail address and password combination for multiple sites or services.

Although it can be tough to do correctly, employees have to be trained on basic password essentials like:

  • The importance of secure passwords. Does your company have password requirements in place that prevent employees from using passwords like their children’s names or simple letter and number combinations?
  • Do employees know what a secure password looks like? While you can have rules enforced on your own servers, employees who deal with passwords on external sites like social media accounts need to know how to create secure passwords there as well. Any employee education needs to include rules for creating strong passwords everywhere.
  • Employees need training on how and when to share passwords with each other. Some kinds of accounts are shared among multiple people in offices, and employees need secure ways to send these passwords. Often, these passwords are sent around via e-mail, which can be easily intercepted by hackers. Instead, employees need to be trained on how to use encryption software to share passwords in a way that can’t be seen by a potential attacker.

Learn more about AT&T Network Security Services.

Companies face big security challenges today, but with proper training and the right software, you can feel confident that you’re keeping yourself (and your customers’ data) safe. Do you have any questions for me about security in the workplace? Hit me up in the comments below, and I’ll be sure to get back to you!


Mario Armstrong, Digital Lifestyle Expert, is an Emmy Award winning, tech commentator for the TODAY show, CNN, HLN and Fuse. An entrepreneur by nature, Mario made his passion his career by quitting his day job and founding Mario Armstrong Media. Follow Mario at@MarioArmstrong. AT&T has sponsored this blog post.

Mario Armstrong Digital Lifestyle Expert Sponsored post About Mario