5 Ways To Protect Your Business From Brute Force Attacks

For experts, it’s fairly easy to spot a secure password compared to an unsecured one. There may be times that you would choose an easier password for convenience, than a complicated one in worry that you might just forget it. Although, securing your account is the first step to making sure not only your own account is protected, but also your customers as well. 

Brute force attacks target mainly your login credentials. And once they’re in, it’s pandemonium. There are various ways that how they will try to get in, and these types of brute force attacks may actually be happening more frequently than you would expect.

But before they attempt these brute force attacks, hackers would have already gotten a hold of at least one of your personal or sensitive information, may it be your contact number or email address. From that point, it’s a cakewalk for them to find out more about you, and your information online.

To protect your business and your customers’ information, take a look at these tips we have for you:

1. Mix and Match – Combine Alphanumeric Characters, Symbols and Capitalization

This is possibly the most basic security protection you can apply to your accounts. When setting up a password, you are always asked to veer away from your personal information and anything that can be linked to you.

brute-force-attacks-cpanelScreenshot from cPanel

Utilise password generators that your platforms suggest. In cPanel, a password generator is available and you can customise it as you prefer. The longer and the more complicated the password is, the better. 

In line with this, make sure that you set unique passwords for each of your logins. If a hacker gets in using one password and sees that it can get through to your other files and folders using the same, it’s already a foreseeable disaster. cPanel allows you to set separate passwords for your files and directories.

So, to avoid the trouble of looking around for your passwords for each of your accounts, hop on to the next tip.

2. Keep Your Passwords Safe With A Password Manager

Having a password manager keeps you from forgetting all the complicated combinations because you only have to remember one. The password manager keeps everything in one place for you. Some password managers also enable multi-factor authentication, which is where our next tip comes in.

3. Be Twice As Secured With Double-Authentication

Aside from your password, setting up two-factor authentication (2FA) before being able to access your account is suggested – but we say it is essential. Other platforms even suggest multi-factor authentication (MFA), which increases the login steps but definitely secures your accounts more.

Here are the types of 2FA or MFA you may have come across:

  • SMS or email. After logging in with the password, your platform will require a unique code that will be sent either via SMS or email, whichever you have registered. Once you have keyed in the code, that will only be the time that a user can have access to the account.
  • Biometrics. This can be done through fingerprint or face ID, mostly used on mobile devices. It’s either used as an alternate method of logging in (instead of entering the username and password), or as an additional method of verification.
  • 2FA application. This method employs the use of another platform logged into another device. Examples of these applications would be Okta and Sailpoint. Facebook utilizes this when it’s your first time logging in to a computer or a handset; it then asks you to generate a code from another device you are already logged in to. Google also employs this authentication method by asking for access from their other owned platforms such as Gmail or YouTube. cPanel allows you to enable 2FA for your control panel login.

4. Capture Them With CAPTCHA

Ever wonder why some of your login attempts are sort of halted with these?

CAPTCHA is the generic term for these types of additional verification to prevent malware and bot access. If a hacker attempts to use an automated brute force attack software to try and get into your accounts, this will hinder their progress.

These are the types of CAPTCHA that you can use:

  • Image CAPTCHA. A user will be asked to select photos that correspond to a given text. E.g. A user must select all photos with a traffic light.
  • Text (or audio) CAPTCHA. This is similar to the example given above, wherein a user can either type the text you see on the box, or he/she can click on the speaker button to hear it instead (for accessibility purposes, if in case the user is vision-impaired).
  • Checkbox. Fairly simple – a user has to tick a checkbox that says “I’m not a robot”.

5. Lock Account Or Limit Number Of Failed Login Attempts

Another basic protection is to set a limit to failed login attempts before a user is automatically locked out, for a certain amount of time. This way, automated brute force attack tools will not work since they will have to reset during every attempt. 

Notice that we mentioned your account should only be locked out “for a certain amount of time”, instead of indefinitely. Your system administrators may have a hard time having to unlock several accounts in these events, so you want to make sure that it saves time for your users and your people, as well. Security and speed at their finest, right?

Spread The Word And Make Your People Aware Of Brute Force Attacks

Now that you know about these security measures to protect you and your business from brute force attacks, it’s not enough that only you have this information. The more people are knowledgeable about these protective measures, the less likely it is that you and your business can get a brute force attack. That includes your business partners, your staff, and your customers – whose information needs to be just as secure as your own.

Not only do you have to make sure you employ these security features for your business, but it’s also your job to make sure you look for these features when you fill out forms or provide information to your potential contacts over the Internet. The security of your business is no small matter, and knowing that your information is always safe is one step towards securing the trust of your customers, as well.

Share This Post